Explore a groundbreaking presentation on a novel Linux rootkit that exploits container technology for malicious purposes. Delve into the technical intricacies of this advanced threat, capable of infecting and persisting in systems with UEFI secure boot enabled, bypassing kernel module signing protections. Discover how this nearly invisible backdoor operates without a malicious kernel module and can be remotely controlled through a covert network channel. Learn about the potential risks to Linux systems and, more importantly, gain insights into effective mitigation strategies and solutions to enhance boot security. Equip yourself with the knowledge to understand and combat this innovative cybersecurity challenge in the Linux ecosystem.
Overview
Syllabus
Horse Pill: A New Type of Linux Rootkit
Taught by
Black Hat