YoVDO

The Convergence of eBPF, Buildroot, and QEMU for Automated Linux Malware Analysis

Offered By: nullcon via YouTube

Tags

nullcon Courses Cybersecurity Courses Malware Analysis Courses QEMU Courses Buildroot Courses eBPF Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the convergence of eBPF, Buildroot, and QEMU for automated Linux malware analysis in this informative conference talk. Delve into the rising threat of Linux-based malware and learn about open-source technologies that can be leveraged for in-depth analysis. Discover the principles of extended Berkeley Packet Filter (eBPF) and its role in tracing and observability for behavioral analysis. Examine the use of Buildroot in developing effective Linux sandboxes for various architectures and QEMU for emulation. Gain insights into the ELFEN sandbox, an automated analysis system, and witness demonstrations of popular Linux malware families like Mirai and AvosLocker. Understand the current landscape of Linux malware analysis and explore potential future developments in this critical area of cybersecurity.

Syllabus

Speaker and Talk Introduction
Talk Agenda
extended Berkeley Packet Filter eBPF
ELFEN Sandbox
Demo Analysis with ELFEN
Future Work


Taught by

nullcon

Related Courses

Unearthing Malicious and Risky OpenSource Packages Using Packj
nullcon via YouTube Pushing Security Left by Mutating Byte Code
nullcon via YouTube The Faces of MacOS Malware - Detecting Anomalies in a Poisoned Apple
nullcon via YouTube Contextomy - Let's Debug Together
nullcon via YouTube Mind The Gap - The Linux Ecosystem Kernel Patch Gap
nullcon via YouTube