Siddharth

Detecting memfd_create linux fileless malware with EBPF
Detecting fileless malware on a system has always been tricky. In the past we have seen some Linux malware which used fileless…
Feb 18, 2022

StackSnooping: An approach to detect the rootkit’s hook
While doing research on Linux rootkits, I read about some hooking techniques which are used by rootkits to tamper with the actual behavior…
Nov 13, 2021

Linux Rootkits — Multiple ways to hook syscall(s)
Most of the rootkits used in the malware attacks we see are open source and have almost the same behaviour (hiding and hooking) as that of…
Oct 17, 2021

Easy Unpacking: Golang-based ELF malware
While I was looking into TeamTNT associated binaries (especially the XMRIG ones), I found a blog post which was published by Trend Micro…
Oct 7, 2021

Debugging Golang based ELF malware
Golang is simple and has a cross-platform compiler, which gives malware authors a chance to develop malware without putting in too much effort…
Oct 7, 2021

Docker API Abuse
The Docker API is the interface through which clients talk to the Docker daemon. By default it is exposed via a Unix socket at…
Oct 6, 2021