Introduction

Craig Rowland, Founder and CEO of Sandfly Security, delivered a presentation titled Evasive Linux Malware at the Oslo Cold Incident Response Conference last year (Slides here, Presentation here), dissecting the notorious BPFDoor malware. In this post, we will analyze the BPFDoor backdoor only with the Linux utility strace, trying to get as much information as possible about the malware by tracing the syscalls executed by the binary. Swift assessments of malware samples like the...
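As an added example that is not part of the original post, the script below shows the kind of triage a strace-only analysis produces: it parses `strace -f -tt` style output, counts the syscalls, maps the process tree from fork return values, and flags the network, process and file calls an analyst would look at first. The trace text embedded in it is constructed for the example (names and paths are placeholders, and the syscall sequence is illustrative, not the page's findings); the `WATCH` families are an assumption about what is worth flagging, not a list from the page.

```python
"""Triage helper for strace output (added example; sample trace is constructed).

Parses lines such as
  [pid 4242] 10:15:01.000100 socket(AF_PACKET, SOCK_RAW, 768) = 3
and summarizes what the traced binary did.
"""
import re
from collections import Counter

# One strace event: optional "[pid N]" (from -f), optional "HH:MM:SS.usec" (from -tt),
# then name(args) = retval.  Signal and "+++ exited" markers do not match and are skipped.
LINE_RE = re.compile(
    r'^(?:\[pid\s+(?P<pid>\d+)\]\s+)?'
    r'(?:(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+)?'
    r'(?P<name>[a-z_][a-z0-9_]*)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\w+)'
)

# Syscall families worth a closer look when tracing an unknown binary (assumption).
WATCH = {
    "network": {"socket", "setsockopt", "bind", "connect", "listen", "accept",
                "sendto", "recvfrom"},
    "process": {"fork", "vfork", "clone", "execve", "setsid", "prctl", "ptrace"},
    "file":    {"open", "openat", "unlink", "unlinkat", "rename", "chmod"},
}

# Constructed sample trace: a daemon that renames itself, forks, opens a raw
# socket with a packet filter, writes a pid file and deletes its own binary.
SAMPLE_TRACE = """\
[pid 4242] 10:15:01.000100 execve("/tmp/sample", ["/tmp/sample"], 0x7ffd...) = 0
[pid 4242] 10:15:01.000200 prctl(PR_SET_NAME, "example-daemon") = 0
[pid 4242] 10:15:01.000300 fork() = 4243
[pid 4243] 10:15:01.000400 setsid() = 4243
[pid 4243] 10:15:01.000500 socket(AF_PACKET, SOCK_RAW, 768) = 3
[pid 4243] 10:15:01.000600 setsockopt(3, SOL_SOCKET, SO_ATTACH_FILTER, {len=30, filter=0x...}, 16) = 0
[pid 4243] 10:15:01.000700 openat(AT_FDCWD, "/var/run/example.pid", O_WRONLY|O_CREAT, 0644) = 4
[pid 4243] 10:15:01.000800 write(4, "4243\\n", 5) = 5
[pid 4243] 10:15:01.000900 unlink("/tmp/sample") = 0
+++ exited with 0 +++
"""


def parse_trace(text):
    """Return a list of {pid, name, args, ret} dicts, one per parsed syscall line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # exit markers, signals, unfinished/resumed fragments
        events.append({
            "pid": int(m["pid"]) if m["pid"] else None,
            "name": m["name"],
            "args": m["args"],
            "ret": m["ret"],
        })
    return events


def child_pids(events):
    """PIDs created by fork/vfork/clone: the return value seen in the parent."""
    return {int(e["ret"]) for e in events
            if e["name"] in {"fork", "vfork", "clone"} and e["ret"].isdigit()}


def summarize(events):
    """Syscall frequency plus the (family, pid, call) triples that matched WATCH."""
    counts = Counter(e["name"] for e in events)
    flagged = []
    for e in events:
        for family, names in WATCH.items():
            if e["name"] in names:
                flagged.append((family, e["pid"], f'{e["name"]}({e["args"]}) = {e["ret"]}'))
    return counts, flagged


if __name__ == "__main__":
    evts = parse_trace(SAMPLE_TRACE)
    counts, flagged = summarize(evts)
    print("child processes:", sorted(child_pids(evts)))
    for name, n in counts.most_common():
        print(f"{n:4d}  {name}")
    for family, pid, call in flagged:
        print(f"[{family:7s}] pid {pid}: {call}")
```

Run it against a real capture with `strace -f -tt -o trace.txt ./sample` inside an isolated VM and feed `trace.txt` to `parse_trace`; the flagged list is the starting point for the deeper per-syscall reading the rest of the post performs by hand.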