Anti-Cast: Forensicating Linux LD_PRELOAD Rootkits with Hal Pomeranz
Widespread availability of PoC Linux LD_PRELOAD rootkits means that even trivial cryptomining attacks are starting to deploy them. This talk demonstrates a simple LD_PRELOAD rootkit and techniques for detecting them in a live response scenario and by memory analysis. Get the jump on your adversaries ...