Tutorial: Hunting Linux malware for fun and $flags

Server-side Linux malware is a real threat now. Unfortunately, as with its Windows counterpart, most system administrators are inadequately trained or are not given enough time by their management to analyze and understand the threats that their infrastructures are facing. This tutorial aims to create an environment where Linux professionals have the opportunity to study such threats safely and in a time-effective fashion.

In this introductory tutorial you will learn to fight real-world Linux malware that targets server environments. Attendees will have to find malicious processes and concealed backdoors in a compromised Web server.

In order to make the tutorial accessible to a range of skill levels, several examples of malware will be used with increasing layers of complexity -- from scripts to ELF binaries with varying degrees of obfuscation. Additionally, as is common in Capture-The-Flag information security competitions, flags will be hidden throughout the environment for attendees to find.


* Some programming experience
* Good understanding of Linux server systems (userland)
* Pre-installed tools: text-editor, radare2, gdb
* Optional: ipython, IDA Pro (proprietary)

Skills to acquire

* Live system incident response and forensics using Linux's standard tools
* System hardening
* Introduction to reverse-engineering obfuscated scripts and binaries
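One of the standard-tools techniques the live incident response item above refers to is reading the kernel's own socket table directly, since a backdoor can hide from a trojanised `netstat` but not from `/proc/net/tcp`. The following is an added example, not material from the tutorial or its author: it parses `/proc/net/tcp`-formatted text (constructed sample lines below, not from a real host) and reports listening sockets that are not on an allowlist of expected ports. The allowlist and the helper names are assumptions for illustration.

```python
# Added example: decode /proc/net/tcp and flag unexpected listeners.
# Not from the tutorial; the sample text below is constructed.
import socket
import struct

# Constructed sample in /proc/net/tcp layout (little-endian hex IPs, hex ports):
# row 0: 0.0.0.0:80 LISTEN as root, row 1: 127.0.0.1:3306 LISTEN as uid 1000,
# row 2: an ESTABLISHED SSH session from 10.0.2.1 to 10.0.2.15.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 23456 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:0016 0102000A:C2B4 01 00000000:00000000 00:00000000 00000000     0        0 34567 1 0000000000000000 20 4 30 10 -1
"""

# TCP state codes as printed by the kernel (subset that matters for triage).
TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN", "06": "TIME_WAIT"}


def hex_to_ipv4(hex_addr: str) -> str:
    """The kernel prints the IPv4 address in host byte order; on x86 that is
    little-endian, so 0100007F decodes to 127.0.0.1."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def parse_proc_net_tcp(text: str) -> list:
    """Turn /proc/net/tcp text into a list of dicts, one per socket."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header row and blank lines.
        if not fields or fields[0] == "sl":
            continue
        local_ip, local_port = fields[1].split(":")
        remote_ip, remote_port = fields[2].split(":")
        rows.append({
            "local_ip": hex_to_ipv4(local_ip),
            "local_port": int(local_port, 16),
            "remote_ip": hex_to_ipv4(remote_ip),
            "remote_port": int(remote_port, 16),
            "state": TCP_STATES.get(fields[3], fields[3]),
            "uid": int(fields[7]),
            # The inode is what links a socket back to a process via
            # /proc/<pid>/fd/* -> "socket:[inode]" symlinks.
            "inode": int(fields[9]),
        })
    return rows


def listening_sockets(text: str) -> list:
    """Return (ip, port, uid, inode) tuples for every socket in LISTEN state."""
    return [
        (r["local_ip"], r["local_port"], r["uid"], r["inode"])
        for r in parse_proc_net_tcp(text)
        if r["state"] == "LISTEN"
    ]


def unexpected_listeners(text: str, expected_ports: set) -> list:
    """Listeners whose port is not in the allowlist the responder supplies
    (the allowlist is an assumption of this example, not a kernel concept)."""
    return [s for s in listening_sockets(text) if s[1] not in expected_ports]


if __name__ == "__main__":
    # On a live host, replace SAMPLE_PROC_NET_TCP with open("/proc/net/tcp").read().
    for ip, port, uid, inode in unexpected_listeners(SAMPLE_PROC_NET_TCP, {80}):
        print(f"unexpected listener {ip}:{port} uid={uid} inode={inode}")
```

On a real host, the inode printed for a suspicious listener is the pivot: `ls -l /proc/*/fd 2>/dev/null | grep 'socket:\[<inode>\]'` identifies the owning process without trusting any userland network tool, and `/proc/<pid>/exe` then shows which binary it runs.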

Marc-Etienne M.Léveillé

Marc-Etienne has been a malware researcher at ESET since 2012. He specializes in malware attacking unusual platforms, whether it's fruity hardware or software from south pole birds. Lately, Marc-Etienne has mostly been reverse engineering server-side malware to discover its inner workings and operation strategy. He enjoys participating in CTF competitions like a partying gentleman and playing the clarinet. He tweets sporadically at @marc_etienne_.

Geelong 2016
