Notes

2025-04-03

Notes

A curated index of my notes can be found here.

Below are bibcard-style notes taken while reading, watching videos, and working through courses.

Alonso, Angel (2016) Anatomy of a Real Linux Intrusion Part I: Running a MiTM SSH honeypot
Alonso, Angel (2016) Anatomy of a Real Linux Intrusion Part II: OpenSSH trojanized toolkit
Amethyst Basilisk (2024) Broodsac: A VX Adventure in Build Systems and Oldschool Techniques
Anonymous (2002) Runtime Process Infection
Antoniuk, Daryna (2024) China-linked hackers target Linux systems with new spying malware
Aragon, Jonah (2025) The Protesters’ Guide to Smartphone Security
Balci, Ege (2024) Evasion by De-optimization
Baines, Jacob (2016) Programming Linux Anti-Reversing Techniques
Bartholomew, Brian (2017) Wave Your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks
Baumgartner, Kurt (2015) TurlaSat: The Fault in our Stars - Turla’s Exquisite Satlink Appropriation
BJJ Scout (2024) BJJ Scout: Murilo Santana Passing Study Part 1 - Stacks and Over Unders
Black Lotus Labs (2022) Chaos Is A Go-Based Swiss Army Knife Of Malware
Boelen, Michael (2025) Auditing Linux processes: The Deep Dive!
Borges, Dan (2021) Adversarial Tradecraft in Cybersecurity: Offense versus defense in real-time computer conflict
Botvinnik, Marina et al. (2023) The Finger in the Power: How to Fingerprint PCs by Monitoring their Power Consumption
Breshahan, Christine and Blum, Richard (2015) CompTIA Linux+ Powered by Linux Professional Institute Study Guide - Third Edition
Brown, Rebekah (2017) The Shadow Brokers Leaked Exploits Explained
Buchanan, David (2024) MPEG-CENC: Defective by Specification
Cesare, Silvio (1999) Linux Anti-Debugging Techniques (Fooling the Debugger)
Cesare, Silvio (1998) Runtime Kernel KMEM Patching
Chen, Wei (2013) The Forgotten Spying Feature: Metasploit’s Mic Recording Command
Clinch Academy (2022) Rodeo Guard Control Lesson 1
Constantin, Lucian (2024) Mirai-based Noabot botnet deploys cryptominer on Linux servers
cryptax (2024) Reversing Dart AOT snapshots
cts (2024) Calling All Hackers
Dumont, Romain. M.Leveille, Marc-Etienne. Porcher, Hugo (2018) The Dark Side of the ForSSHe
ElfMaster (2010) Kernel instrumentation using kprobes
erev0s (2020) Encrypted Bind and Reverse Shells with Socat
Fiser, David. Oliveira, Alfredo (2021) Tracking the Activities of TeamTNT
Fisher, Phineas (2019) Cayman Island Bank Writeup
Fisher, Phineas (2016) HackingTeam Writeup
Fisher, Phineas (2014) Gamma Group Writeup
g1inko (2024) Finding hidden kernel modules (extrem way reborn): 20 years later
Goodin, Dan (2022) Chaos Malware
Greenman, Murray (2018) 70 Years of Amateur Digital Modes
grugq. scut (2001) Armouring the ELF: Binary encryption on the UNIX platform
grugq (2012) OPSEC: Because Jail is for wuftpd
grugq (2004) The Design and Implementation of Userland Exec
Gunderson, Steinar H. (2011) Ebury, a new SSH trojan
halflife (1997) Abuse of the Linux Kernel for Fun and Profit
Hand, Matt (2024) Evading EDR: The Definitive Guide to Defeating Endpoint Detection Systems
Heathfield, Richard (2000) C Unleashed: From Knowledge to Mastery
Johnston, Daniel. Sillam, Yohan (2024) New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner
Kaspersky GReAT Team (2015) Equation: The Death Star of Malware Galaxy
Kaspersky GReAT Team (2020) An overview of targeted attacks and APTs on Linux
Kennedy, Joakim Dr. (2022) Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
Krebs, Brian (2016) Source Code for IoT Botnet ‘Mirai’ Released
Lang, Nicholas (2023) Chaos Malware Quietly Evolves Persistence and Evasion Techniques
Level 3 Threat Research Labs (2016) Attack of Things!
Luttgens, Jason T. Pepe, Matthew. Mandia, Kevin (2014) Incident Response & Computer Forensics, Third Edition
Loeb, Angela (2012) I’m Getting What I Want… And It’s Incredibly Easy
Malone, Barry (2023) Sliver: Intro to An Awesome C2 Framework
ManageEngine (2024) Credential Theft Using Procdump or Comsvcs
matheuz (2025) Unhooking Linux EDRs
Matheuzsec. Humzak711 (2025) The Art of Linux Kernel Rootkit
Nazarov, Konstantin (2023) Statically linked Python interpreter
O’Neill, Ryan (2016) Learning Linux Binary Analysis: Uncover the secrets of Linux binary analysis with this handy guide.
odzhan (2019) MiniDumpWriteDump via COM+ Services DLL
osxreverser (2021) Knock Knock! Who’s There? - An NSA VM
Pace, Shelby (2019) Metasploit Shellcode Grows Up: Encrypted and Authenticated C Shells
Pangu Lab (2022) Bvp47 Top-tier Backdoor of US NSA Equation Group
Petrich, Ryan (2024) Stealth Shell: A Fully Virtualized Attack Toolchain
Phrack Staff (2024) Linenoise - Phrack 71
Pierce, Sean (2015) Defending Against Malicious Application Compatibility Shims
Pourcelot, Tristan (2022) Tricephalic Hellkeeper: a tale of a passive backdoor
PwC Threat Intelligence (2022) The Tortoise and The Malwahare
Raiu, Costin. Moore, Daniel. Guerrero-Sade, Juan Andres. Rid, Thomas (2017) Penguin’s Moonlit Maze
Rather, Dan (2016) Dan Rather on Journalism & Finding the Truth in the News
Reichert, Zachary (2024) Unveiling “sedexp”: A Stealthy Linux Malware Exploiting udev Rules
Reid, Alex (2024) Dumping LSASS Like it’s 2019
Remillano, Augusto. Gelera, Byron (2019) Outlaw’s Botnet Spreads Miner, Perl-Based Backdoor
Ribak, Lior (2020) Leveraging LD_AUDIT to Beat the Traditional Linux Library Preloading Technique
Rowland, Craig (2019) Getting an Attacker IP Address from a Malicious Linux At Job
ropnop (2017) Upgrading Simple Shells to Fully Interactive TTYs
Sanmillan, Ignacio (2019) HiddenWasp Malware Stings Targeted Linux Systems
Schiffman, Mike D. (2003) Building Open Source Network Security Tools: Components and Techniques
Scramble Blog (2024) Fixing Common Postural Problems in BJJ and MMA
Sektor7 Institute (2020) RED TEAM Operator: Malware Development Essentials Course
Sharma, Siddarth (2023) When PAM Goes Rogue: Malware Uses Authentication Modules for Mischief
Soatok (2025) Tech Companies Apparently Do Not Understand Why We Dislike AI
Song, Wagner, Tian (2001) Timing Analysis of Keystrokes and Timing Attacks on SSH
Sperka, Viktor (2024) Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine
Strand, John (2013) Offensive Countermeasures: The Art of Active Defense
Strand, John (2021) Open Source and Free EDR
Steffens, Timo (2020) Attribution of Advanced Persistent Threats: How to Identify the Actors BeHind Cyber-Espionage
Tanium CTI (2023) CTI Roundup: Skuld Malware Steals Discord Data From Windows PCs
Thomson, Iain (2025) Watch out for any Linux malware sneakily evading syscall-watching
Tikochinski, Gili. Shriki, Yaara (2024) Unpacking Diicot - Evolving Campaign Targeting Linux Environments
Toulas, Bill (2025) Linux ‘io_uring’ security blindspot allows stealthy rootkit attacks
[Vermeulen, Sven (2020) SELinux System Administration - Third Edition]/zk/20250129175034-selinuxsystemadministration_vermeulen2020/)
Vijayan, Jai (2024) ‘Bootkitty’ First Bootloader to Take Aim at Linux
Watters, Brendan (2019) Introducing Pingback Payloads
Where Warlocks Stay Up Late (2025) Episode 4: Eduart Steiner aka Skyper

Notes

2025-04-03

Notes

No notes link to this note

Recent Posts

Linux Persistence: Modular Software

2025-04-17 DFIR CTF persistence linux persistence apache asterisk

Linux Persistence: Web Shells

2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP

Linux Persistence: Rootkits

2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking

Linux Persistence: Processes

2025-04-11 DFIR persistence processes linux persistence processes

Defanging Linux LKM Rootkits With cleanup_module()

2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit