Development of an intrusive Linux capacity

Offensive Security

DAP/22-E01

Active

Innovation for Defence

October 2021 to August 2026

59 months

Zacharia Mansouri, Thibault Debatty

Linux

The goal of the project is to study the different options for injecting malware into a Linux platform, making it persistent, performing privilege escalation, and establishing a command & control channel between the malware and its operator.

SmolVM - Portable MicroVMs Without the Headaches

Linux Virtualization Containers

We’ve all been there: a project builds perfectly on your laptop, but the moment your colleague clones it, everything breaks. For years, containers (like Docker) have been the go-to solution for this. But what if you want stronger hardware-level isolation, real persistence for your development environment and the ability to literally “ship your machine” as a single executable file? Enter SmolVM, an open-source, Rust-powered CLI tool that let...

Build a Custom Linux Container

Linux Sysadmin

Modern container engines like Docker and Podman act as convenient black boxes, obscuring the Linux primitives running behind them. In this guide, we’ll tear down that box by building an entirely rootless, network-isolated, and cgroup-limited Linux container from scratch using only raw Linux commands. By manually orchestrating unshare for namespaces, systemd-run for resource limits, slirp4netns for user-space networking, and pivot_root for filesys...

A Byte-wise Understanding of eBPF CO-RE

Linux eBPF

eBPF has revolutionized Linux kernel tracing and security by allowing user-space programs to safely execute in kernel space, but its power has historically been limited by strict kernel version dependencies. When a kernel structure changes between updates, hardcoded memory offsets break, leading to crashes or silent failures. To overcome this fragility, the ecosystem introduced the BPF Type Format (BTF) and Compile Once, Run Everywhere (CO-RE), an elegant mechanism...

Passive network monitoring with arpwatch

Linux Monitoring Sysadmin

arpwatch is a lightweight network monitoring tool used to passively observe ARP (Address Resolution Protocol) packets on a local network. It was developed to track the mapping between IP and MAC addresses. A change in this mapping is generally an indicator of MAC spoofing or an ARP cache poisoning attack. In this situation, arpwatch can send an email alert to administrators.
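The detection logic described above, as an added example that is not arpwatch's own code: it decodes Ethernet/ARP frames, keeps a sender IP to MAC table, and raises the same kinds of events arpwatch reports ("new station", "changed ethernet address", "flip flop"). The frames are constructed inline so the script runs offline; the MAC and IP addresses and the `build_frame` helper are assumptions made here for the sample traffic, and alerts are collected in a list where arpwatch would send an email.

```python
"""Passive ARP watcher over constructed frames (example code, not arpwatch's)."""
import struct
from dataclasses import dataclass

ETH_P_ARP = 0x0806
HW_ETHERNET, PROTO_IPV4 = 1, 0x0800
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class ArpPacket:
    op: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_frame(frame: bytes):
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP; None otherwise."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP payload
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (HW_ETHERNET, PROTO_IPV4, 6, 4):
        return None
    return ArpPacket(op, _mac(frame[22:28]), _ip(frame[28:32]),
                     _mac(frame[32:38]), _ip(frame[38:42]))


def build_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """Construct a raw ARP frame; only used here to fabricate sample traffic (assumption)."""
    mac = lambda s: bytes(int(x, 16) for x in s.split(":"))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    dst = mac(BROADCAST) if op == ARP_REQUEST else mac(target_mac)
    eth = dst + mac(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", HW_ETHERNET, PROTO_IPV4, 6, 4, op)
    return eth + arp + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)


class ArpWatcher:
    """Track sender IP -> MAC from observed ARP and report mapping changes."""

    def __init__(self):
        self.table = {}     # ip -> MAC currently believed to own it
        self.previous = {}  # ip -> MAC seen before the last change
        self.alerts = []    # (event, ip, new_mac, old_mac)

    def observe(self, pkt: ArpPacket):
        # ARP probes (sender IP 0.0.0.0) and null/broadcast senders carry no usable mapping.
        if pkt.sender_ip == "0.0.0.0" or pkt.sender_mac in ("00:00:00:00:00:00", BROADCAST):
            return None
        old = self.table.get(pkt.sender_ip)
        if old is None:
            event = "new station"
        elif old == pkt.sender_mac:
            return None  # mapping unchanged: nothing to report
        elif self.previous.get(pkt.sender_ip) == pkt.sender_mac:
            event = "flip flop"  # bounced back to an address seen earlier: classic poisoning sign
        else:
            event = "changed ethernet address"
        if old is not None:
            self.previous[pkt.sender_ip] = old
        self.table[pkt.sender_ip] = pkt.sender_mac
        alert = (event, pkt.sender_ip, pkt.sender_mac, old)
        self.alerts.append(alert)
        return alert

    def feed(self, frames):
        for frame in frames:
            pkt = parse_frame(frame)
            if pkt is not None:  # non-ARP traffic is ignored, as arpwatch does
                self.observe(pkt)
        return self.alerts


# Constructed sample traffic: a host resolves its gateway, an attacker then
# claims the gateway's IP, and the real gateway answers again.
GATEWAY, ATTACKER, HOST = "02:00:00:00:00:01", "02:00:00:00:00:ee", "02:00:00:00:00:02"
SAMPLE_FRAMES = [
    build_frame(ARP_REQUEST, HOST, "10.0.0.2", "00:00:00:00:00:00", "10.0.0.1"),
    build_frame(ARP_REPLY, GATEWAY, "10.0.0.1", HOST, "10.0.0.2"),   # genuine answer
    build_frame(ARP_REPLY, ATTACKER, "10.0.0.1", HOST, "10.0.0.2"),  # spoofed reply
    build_frame(ARP_REPLY, GATEWAY, "10.0.0.1", HOST, "10.0.0.2"),   # real gateway again
    build_frame(ARP_REPLY, GATEWAY, "10.0.0.1", HOST, "10.0.0.2"),   # unchanged: no alert
    bytes(60),                                                       # non-ARP filler frame
]


def run_sample():
    """Run the watcher over the constructed frames and return the alerts raised."""
    return ArpWatcher().feed(SAMPLE_FRAMES)


if __name__ == "__main__":
    for event, ip, new, old in run_sample():
        print(f"{event}: {ip} is now {new} (was {old})")
```

On a real segment the same logic would be fed frames from a raw socket bound to the interface (arpwatch uses libpcap for this); the point of keeping a separate "previous" address is that a spoofed reply followed by the legitimate host reasserting itself shows up as a flip flop rather than two unrelated changes, which is the pattern an ARP poisoning attack produces.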
