Blog

Black Hat 2024 USA - Practical Linux Attack Paths and Hunting For Red And Blue Team

Our 4-day training "Practical Linux Attack Paths and Hunting For Red And Blue Team" has been officially accepted for Black Hat USA 2024. It is a great pleasure and a fantastic distinction. Registration is already open. Take a look at the agenda and register asap! See ya in Vegas!

Read now

In the ever-evolving landscape of cybersecurity, the importance of Linux detection and Digital Forensics and Incident Response (DFIR) cannot be overstated. In this post, we delve into the profound significance of these aspects, particularly from a low-level understanding of Linux internals, subsystems, and the /sys and /proc paths.

Read now

The /etc/ld.so.preload is an environment variable in Linux that specifies a list of dynamic shared object (DSO) libraries to be preloaded before any others when a program is executed. These libraries can override functions and behaviors of other libraries, allowing for interception and modification of system calls and program behavior. This feature is often exploited by rootkits, malicious software designed to stay hidden with unauthorized access and control over a system.

Read now

Since I was 18 years old, Linux was my preferred OS for desktops, servers, virtualization, storage, VPN, metrics, for Quake3 as well. For offensive operations and defensive research and hardening. After 20 years that did not change. What's most interesting, each project that I was commercially working on needed more or less advanced knowledge of Linux, understanding the internals, and the behavior of mechanisms such as SELinux, AppArmor, iptables, tcpdump to name just a few. No GUI of course!

Read now

Linux systems as well as Open Source solutions are the backbone of the modern Internet, critical services, and services. Kubernetes clusters, containers, complex business applications and APIs, corporate firewalls, gateways, load balancers and jump hosts, proxy and WAF servers, NIDS, and NIPS systems. CI/CD. C2 servers and redirectors as well. When referring to the above solutions and services, I always automatically see Linux. Linux for defense and attack.

Awareness of threats in the above context suggests that their low-level monitoring, tracing, configuration hardening, periodic examination of behavior profiles including the RAM memory forensics process, or proactive hunting for threats are areas that are worth developing in order to minimize the risk and impact of a potential attack. Such an approach increases the chances of an attack being prevented or detected early in the chain, thus gaining contextual insight into post-exploitation activities at multiple layers. In the above context, we will refer to the eBPF technology in the offensive-defensive approach.

Read now

Blog

Black Hat 2024 USA - Practical Linux Attack Paths and Hunting For Red And Blue Team

The Crucial Significance of Modern Linux Detection and DFIR

Preventing modification of /etc/ld.so.preload with SELinux

Advancing your Cyber/Linux skills - things connect together!

Linux eBPF as a double-edged sword