2019-10-23, 11:15–12:00, Europe
Recent developments in file-less exploitation are affecting the Linux platform as well. Process injection and file-less methods for malicious code execution are now supported by several post-exploitation tools for Linux. This trend may affect many internet services and IoT devices, which could trigger wider and more numerous incidents causing greater damage, so we may need to re-assess our current security readiness for protecting these platforms.
In this presentation we discuss, from the blue-teamer's perspective, the information and methods behind recent file-less infection and Linux process injection trends, followed by a summary of how they are used, as we spotted them in some public incidents. We also cover the most applicable methods for forensic analysis of such cases, to help fellow incident response operatives handle them.
The information shared in this presentation is set on TLP AMBER.