1001 segfaults: tales of stealthy Linux in-memory execution
- James Henderson
- SnoopCon 2023
Multiple techniques for stealthy and in-memory malware execution on Linux systems have been found over the years. This talk will examine the practicalities of developing fileless / in-memory execution for Linux systems, for red / blue / purple teamers, and will discuss detection techniques. The idea is to give an overview of several techniques, a deep dive on how features of Linux’s memory management can be used to run stealthy processes, and what this means for modern defenders.