Development of an intrusive Linux capacity

Offensive Security

DAP/22-E01

Finished

Innovation for Defence

October 2021 to December 2025

51 months

Zacharia Mansouri, Thibault Debatty

Linux

The goal of the project is to study the different options for injecting malware onto a Linux platform, making it persistent, performing a privilege escalation, and establishing a command & control channel with the operator of the malware.

eBPF CO-RE - Portable Tools Setup & Testing

Linux eBPF

Embarking on eBPF development often feels frustrating: you are promised the power of “Compile Once, Run Everywhere”, but you are delivered a nightmare of header redefinition errors and cryptic “Error loading vmlinux BTF” messages the moment you move a binary from your dev VM to a real host. This friction usually stems from a subtle mismatch between your build environment’s outdated libraries and your target’s modern kernel, breaking the portabili...

How to Reset a Forgotten Root Password on Linux Distros

Linux Sysadmin

Losing track of a root password can feel genuinely frustrating, whether you’re reviving an old machine or diving back into a forgotten VM. The good news is that Linux’s flexible bootloaders give you an interesting workaround: with physical or console access, you can interrupt the boot sequence, drop straight into a shell, and reclaim the system long before it ever asks for credentials. It’s a clean and fast way to get back in control without rein...

Offensive eBPF - From Input Events to a Basic bpftrace Keylogger

Linux Offensive Security eBPF

While the extended Berkeley Packet Filter (eBPF) is frequently used for performance monitoring and networking, its ability to attach to almost any kernel function makes it a potent tool for security research and, theoretically, for building stealthy surveillance tools like keyloggers. In this post, we will build a keylogger from scratch using bpftrace. We will move from blind reconnaissance to source code analysis, and finally, to a working sc...

Move /home directory (or any other) to a dedicated partition

Linux Sysadmin

Sometimes your disk will get full. That’s the sad reality of life. One solution is to move a directory, /home for example, to a dedicated partition on another drive. The good news is that you can do this on a running system, without a single reboot…
