DAP/22-E01
Active
Innovation for Defence
October 2021 to August 2026
59 months
Zacharia Mansouri, Thibault Debatty
Linux
The goal of the project is to study the different options for injecting malware on a Linux platform, making it persistent, performing privilege escalation, and establishing a command & control channel with the malware operator.
When you open a terminal, your prompt will typically show something like username@hostname:~$. You can modify this…
Imagine you have established a shell on a Linux server. Suddenly, you see another user log in. You want to kick them out immediately to prevent them from investigating, but you must ensure your own connection remains stable. Traditional tools like iptables can be clumsy for this, often requiring complex rule management or risking a lockout of your own session.
Sophisticated surveillance tools do not always need to break the system. Often, they simply use it exactly as intended. Imagine a single, lightweight binary capable of running on many Linux servers regardless of the underlying kernel version. It silently captures every keystroke without requiring a compiler on the target or loading visible kernel modules. In a previous blog post, we explored this concept using a simple bpftrace script. In this one...
Embarking on eBPF development often feels frustrating: you are promised the power of “Compile Once, Run Everywhere”, but you are delivered a nightmare of header redefinition errors and cryptic “Error loading vmlinux BTF” messages the moment you move a binary from your dev VM to a real host. This friction usually stems from a subtle mismatch between your build environment’s outdated libraries and your target’s modern kernel, breaking the portabili...
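A CO-RE binary can only relocate itself against the running kernel if that kernel exposes its BTF type information, so the first thing to verify on a "real host" before blaming the build environment is that /sys/kernel/btf/vmlinux exists and is non-empty. The preflight script below is an added example, not code from the blog post or the project; it assumes bpftool is in PATH on the target and that vmlinux.h should be regenerated from the target's own BTF rather than copied from the dev VM.

```shell
#!/bin/sh
# Added preflight check (not from the blog post): confirm the target kernel
# exposes BTF, which the loader needs to relocate a CO-RE eBPF program.
# The path is a parameter so the function can be exercised against a test file.
btf_status() {
    btf_path="${1:-/sys/kernel/btf/vmlinux}"
    if [ ! -r "$btf_path" ]; then
        echo "no readable BTF at $btf_path (kernel built without CONFIG_DEBUG_INFO_BTF?)" >&2
        return 1
    fi
    if [ ! -s "$btf_path" ]; then
        echo "BTF file $btf_path is empty" >&2
        return 2
    fi
    echo "BTF available at $btf_path"
    return 0
}

# Regenerate vmlinux.h from the target's BTF instead of reusing a stale copy
# produced on the dev VM. Assumption: bpftool is installed on the target.
gen_vmlinux_h() {
    out="${1:-vmlinux.h}"
    btf_status /sys/kernel/btf/vmlinux || return $?
    if ! command -v bpftool >/dev/null 2>&1; then
        echo "bpftool not found; cannot dump vmlinux.h" >&2
        return 3
    fi
    bpftool btf dump file /sys/kernel/btf/vmlinux format c > "$out"
}
```

Run `btf_status` on the target before deploying; a return code of 1 means the kernel was built without BTF and no amount of rebuilding on the dev side will make the CO-RE binary load there.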