Hunting Linux Malware for Fun and Flags
2019-05-16, 10:30–12:30, Workshop 3

Fun introduction to Linux malware analysis and incident response. Trainees get
root access to compromised Linux servers where they need to understand what
they are up against (and find the flags!).


Server-side Linux malware is a real threat now. Unfortunately, unlike for its
Windows counterpart, most system administrators are inadequately trained or
don't have enough time allocated to analyze and understand
the threats that their infrastructures are facing. This tutorial aims at
creating an environment where Linux professionals have the opportunity to
study such threats safe and in a time-effective fashion.

In this introductory tutorial you will learn to fight real-world Linux malware
that targets server environments. Attendees will have to find malicious
processes and concealed backdoors in a compromised Web server.

In order to make the tutorial accessible for a range of skill levels several
examples of malware will be used with increasing layers of complexity — from
scripts to ELF binaries with varying degrees of obfuscation. Additionally, as
is common in Capture-The-Flag information security competitions, flags will be
hidden throughout the environment for attendees to find.