BPFDoor and So Much More: An Analysis of Linux Network Passive Backdoors

Presented by

Nicole Carignan, CounterCraft, Customer Success Manager, and David Barroso, CounterCraft, CEO

About this talk

Passive backdoors are implants designed to be stealthier than common backdoors, especially by avoiding listening on ports or pinging back to a Command and Control server. Over the last few years, we have detected a number of different passive Linux backdoors used in post-exploitation phases. Adversaries are actively using these network backdoors as a stealthy persistence technique. Follow a BPFDoor compromise step-by-step to see how this stealthy, custom backdoor has gone five years undetected by blending malicious traffic blends into legitimate traffic. This unique Linux backdoor is incredibly effective at gaining persistence on targeted systems, typically in telecommunications, government, education, and logistics organizations. Join Nicole Carignan, CounterCraft Customer Success Manager, and David Barroso, CEO, to discuss passive Linux backdoors, talk through the BPFDoor compromise in step-by-step detail, go over the TTPs, and talk about the possible implications of this compromise going forward. Attendees of the webinar will receive: + The current intel from the attack + Information on how to detect BPFDoor compromise + Resources for further reading

Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (7)
Subscribers (672)
CounterCraft is a cyber deception platform that offers active defense powered by high-interaction deception technology. Countercraft detects threats early, collects personalized, actionable intelligence, and enables organizations to defend their valuable data in real time.