Anti-Cast | Forensicating Linux LD_PRELOAD Rootkits

Widespread availability of PoC Linux LD_PRELOAD rootkits means that even trivial cryptomining attacks are starting to deploy them. This talk demonstrates a simple LD_PRELOAD rootkit and techniques for detecting them in a live response scenario and by memory analysis. Get the jump on your adversaries with this fast-paced, practical introduction.

Chat with your fellow attendees in the Antisyphon Discord server here: https://discord.gg/antisyphon — in the #webcast-livestreams channel

Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has spent more than thirty years providing pragmatic Information Technology and Security solutions for some of the world’s largest commercial, government, and academic institutions.