DAP/22-E01
Finished
Innovation for Defence
October 2021 December 2025
51 months
Zacharia Mansouri, Thibault Debatty
Linux
The goal of the project is to study the different options for injecting a malware on a Linux platform, for making it persistent, performing a privilege escalation, and for establishing a command & control channel with the operator of the malware.
Sophisticated surveillance tools do not always need to break the system. Often, they simply use it exactly as intended. Imagine a single, lightweight binary capable of running on many Linux server regardless of the underlying kernel version. It silently captures every keystroke without requiring a compiler on the target or loading visible kernel modules. In a previous blog post, we explored this concept using a simple bpftrace script. In this one...
ReadEmbarking on eBPF development often feels frustrating: you are promised the power of “Compile Once, Run Everywhere”, but you are delivered a nightmare of header redefinition errors and cryptic “Error loading vmlinux BTF” messages the moment you move a binary from your dev VM to a real host. This friction usually stems from a subtle mismatch between your build environment’s outdated libraries and your target’s modern kernel, breaking the portabili...
ReadLosing track of a root password can feel genuinely frustrating, whether you’re reviving an old machine or diving back into a forgotten VM. The good news is that Linux’s flexible bootloaders give you an interesting workaround: with physical or console access, you can interrupt the boot sequence, drop straight into a shell, and reclaim the system long before it ever asks for credentials. It’s a clean and fast way to get back in control without rein...
ReadWhile the extended Berkeley Packet Filter (eBPF) it is frequently used for performance monitoring and networking, its ability to attach to almost any kernel function makes it a potent tool for security research and, theoretically, for building stealthy surveillance tools like keyloggers. In this post, we will build a keylogger from scratch using bpftrace. We will move from blind reconnaissance to source code analysis, and finally, to a working sc...
Read