Hunting Linux Malware for Fun and Flags

Explore server-side Linux malware threats and learn effective analysis techniques in this 46-minute RSA Conference talk by ESET Senior Malware Researcher Marc-Etienne M.Léveillé. Gain insights into creating a safe environment for studying Linux malware, understanding common artifacts, and investigating file metadata. Discover methods for examining basic filesystem structures, verifying package integrity, and analyzing logs using auditd. Learn to analyze live processes, utilize procfs exe magic links, and perform process memory dumps. Delve into kernel memory analysis, network configuration examination, and network capture techniques. Master two approaches: reversing script-based malware and reverse engineering compiled malware. Acquire practical skills to enhance your Linux security expertise and better protect your infrastructure against evolving threats.

Intro
About this presentation
Why malware on Linux servers?
Why care?
Why understand them?
Artifacts
Common file metadata
Basic filesystem
Package integrity
Logs
Using auditd
Offline filesystem
Analyzing a live process
procfs exe magic link
Process stalling
Process memory dump
Kernel memory
Network configuration
Network capture
Two approaches
Reversing script-based malware
Reverse engineering compiled malware
This week you should
Within three months you should
Next you should