Completed
Inside the tunnels
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Hunting Malware on Linux Production Servers - The Windigo Backstory
Automatically move to the next video in the Classroom when playback concludes
- 1 Hunting Malware on Linux Production Servers
- 2 What is Operation Windigo?
- 3 Compromised infrastructure
- 4 How does it expand?
- 5 Why advanced?
- 6 Money trail
- 7 Impact
- 8 Same crypto code
- 9 Case expansion
- 10 Going out-of-band
- 11 Devops operators?
- 12 Recon / Deployment scripts
- 13 Perl scripts
- 14 Eliminates evidence
- 15 Recon script (cont)
- 16 Deployment script (cont)
- 17 Daily monitoring script
- 18 Other scripts findings
- 19 The situation is
- 20 Protip
- 21 SUCCESS
- 22 Recap
- 23 Network evasion
- 24 SSH tunnels
- 25 nginx reverse proxies
- 26 nginx Cdorked config example
- 27 nginx Calfbot config example
- 28 What are IP in IP tunnels
- 29 Inside the tunnels
- 30 iptables
- 31 Indicators of Compromise
- 32 Closing words