Explore the convergence of eBPF, Buildroot, and QEMU for automated Linux malware analysis in this informative conference talk. Delve into the rising threat of Linux-based malware and learn about open-source technologies that can be leveraged for in-depth analysis. Discover the principles of extended Berkeley Packet Filter (eBPF) and its role in tracing and observability for behavioral analysis. Examine the use of Buildroot in developing effective Linux sandboxes for various architectures and QEMU for emulation. Gain insights into the ELFEN sandbox, an automated analysis system, and witness demonstrations of popular Linux malware families like Mirai and AvosLocker. Understand the current landscape of Linux malware analysis and explore potential future developments in this critical area of cybersecurity.
The Convergence of eBPF, Buildroot, and QEMU for Automated Linux Malware Analysis
Overview
Syllabus
Speaker and Talk Introduction
Talk Agenda
extended Berkeley Packet Filter eBPF
ELFEN Sandbox
Demo Analysis with ELFEN
Future Work
Taught by
nullcon
Related Courses
-
Dynamic Image Scanning Through System Tracing
-
Kernel Tracing With EBPF
-
Pixie's eBPF Protocol Tracer
-
Im Cuckoo for Malware Cuckoo Sandbox and Dynamic Malware Analysis
-
Automating Linux Malware Analysis Using Limon Sandbox
-
Bypassing Malware Analysis Sandboxes Is Easy - Let’s Discuss How They Are Doing It and Why It Works
