Detecting memfd_create linux fileless malware with EBPF
Siddharth, Feb 18, 2022 (5 min read)
Detecting fileless malware on systems has always been tricky. In the past we have seen some Linux malware which used fileless…

StackSnooping: An approach to detect the rootkit’s hook
Siddharth, Nov 13, 2021 (9 min read)
While doing research on Linux rootkits, I read about some hooking techniques which are used by rootkits to tamper with the actual behavior…

Linux Rootkits — Multiple ways to hook syscall(s)
Siddharth, Oct 17, 2021 (8 min read)
Most of the rootkits used in the malware attacks we see are open source and have almost the same behaviour (hiding and hooking) as that of…

Easy Unpacking-Golang-based ELF malware
Siddharth, Oct 7, 2021 (4 min read)
While I was looking into TeamTNT-associated binaries (especially the XMRIG ones), I found a blog post which was published by Trend Micro…

Debugging Golang based ELF malware
Siddharth, Oct 7, 2021 (7 min read)
Golang is simple and has a cross-platform compiler, which gives malware authors a chance to develop malware without putting in too much effort…

Docker API Abuse
Siddharth, Oct 6, 2021 (2 min read)
The Docker API is basically an interface between the Docker daemon and a Docker image. The Docker API is exposed via a Unix socket at…