DAP/22-E01
Active
Innovation for Defence
October 2021 to August 2026
59 months
Zacharia Mansouri, Thibault Debatty
Linux
The goal of the project is to study the different options for injecting malware on a Linux platform, making it persistent, performing privilege escalation, and establishing a command & control channel with the operator of the malware.
arpwatch is a lightweight network monitoring tool used to passively observe ARP (Address Resolution Protocol) packets on a local network. It was developed to track the mapping between IP and MAC addresses. A change in this mapping is generally an indicator of a MAC spoofing or ARP cache poisoning attack. In this situation, arpwatch can send an email alert to administrators.
Linux Sysadmin Secure Software Development Git Tools Deployment bash
According to GitGuardian, almost 24M secrets were leaked in 2025 in public GitHub commits. Moreover, they claim that 15% of commit authors have leaked secrets; that's more than 1 out of 7 authors!
When you open a terminal, your prompt will typically show something like username@hostname:~$. You can modify this…
Imagine you have established a shell on a Linux server. Suddenly, you see another user log in. You want to kick them out immediately to prevent them from investigating, but you must ensure your own connection remains stable. Traditional tools like iptables can be clumsy for this, often requiring complex rule management or risking a lockout of your own session.