Hunting Malware on Linux Production Servers - The Windigo Backstory

via YouTube

Class Central Classrooms (beta): YouTube videos curated by Class Central.

Classroom Contents

  1. Hunting Malware on Linux Production Servers
  2. What is Operation Windigo?
  3. Compromised infrastructure
  4. How does it expand?
  5. Why advanced?
  6. Money trail
  7. Impact
  8. Same crypto code
  9. Case expansion
  10. Going out-of-band
  11. Devops operators?
  12. Recon / Deployment scripts
  13. Perl scripts
  14. Eliminates evidence
  15. Recon script (cont.)
  16. Deployment script (cont.)
  17. Daily monitoring script
  18. Other scripts findings
  19. The situation is
  20. Protip
  21. SUCCESS
  22. Recap
  23. Network evasion
  24. SSH tunnels
  25. nginx reverse proxies
  26. nginx Cdorked config example
  27. nginx Calfbot config example
  28. What are IP in IP tunnels
  29. Inside the tunnels
  30. iptables
  31. Indicators of Compromise
  32. Closing words
