
archcloudlabs/BSidesRoc2022_Linux_Malware_Analysis_Course


About The Course

According to recent industry reports, Linux-focused malware has grown by over 30% in the past year. With the rise of cloud computing it's no surprise that attackers are looking beyond traditional Windows environments to profit from illicit access. This course was given at BSides Roc 2022 to provide students with broad exposure to the techniques and tools used to identify, triage and analyze a faux incident in a CTF-style event.

  • A Vagrantfile is included in the course that covers modules 01 and 02. Modules 03 and 04 require a GUI, and installing XFCE within the VM caused issues during testing.
  • If you already have a Linux VM, simply install Ghidra and Cutter and you'll be good to go.

Note: all files are now included in the git repo itself, so you do not need to obtain the malware from the servers listed in the repo.

Disclaimer

These are real modified malware samples! Do NOT run them unless you are absolutely sure of what you are doing! Arch Cloud Labs is not responsible for any damages.

Threat Intel Briefing on APT-585

Threat actor APT-585 leverages known exploits and modified offensive security tools to obtain access to victims' environments for cryptocurrency and ransomware attacks, specifically targeting web servers and vulnerable web applications.

APT-585 leverages infrastructure leased from popular cloud providers to stage the capabilities it brings into victims' environments. Its leader is unknown, but historically poor opsec has led to the takedown of its domains. It's likely their sloppy tactics will end up revealing them.

Special Thanks

Thank you to the Digital Corpora project for hosting forensic images for forensic education!

Garfinkel, Farrell, Roussev and Dinolt, "Bringing Science to Digital Forensics with Standardized Forensic Corpora", DFRWS 2009, Montreal, Canada.

About

BSidesRoc 2022 Linux Malware/Forensics Course
