DAP/22-E01
Active
Innovation for Defence
October 2021 August 2026
59 months
Zacharia Mansouri, Thibault Debatty
Linux
The goal of the project is to study the different options for injecting a malware on a Linux platform, for making it persistent, performing a privilege escalation, and for establishing a command & control channel with the operator of the malware.
Modern container engines like Docker and Podman act as convenient black boxes, obscuring the Linux primitives running behind them. In this guide, we’ll tear down that box by building an entirely rootless, network-isolated, and cgroup-limited Linux container from scratch using only raw Linux commands. By manually orchestrating unshare for namespaces, systemd-run for resource limits, slirp4netns for user-space networking, and pivot_root for filesys...
ReadeBPF has revolutionized Linux kernel tracing and security by allowing user-space programs to safely execute in kernel space, but its power has historically been limited by strict kernel version dependencies. When a kernel structure changes between updates, hardcoded memory offsets break, leading to crashes or silent failures. To overcome this fragility, the ecosystem introduced BPF Type Format and Compile Once Run Everywhere, an elegant mechanism...
Readarpwatch is a lightweight network monitoring tool used to passively observe ARP (Address Resolution Protocol) packets on a local network. It was developed to to track the mapping between IP and MAC address. A change in this mapping is generally an indicator of a MAC spoofing or arp cache poisoning attack. In this situation, arpwatch can send an email alert to administrators.
ReadLinux Sysadmin Secure Software Development Git Tools Deployment bash
According to GitGuardian, almost 24M secrets were leaked in 2025 in public GitHub commits. Moreover, they claim that 15% of commit authors have leaked secrets, that’s more than 1 out of 7 authors!
Read