Hiding for Persistence: Backdooring Linux Systems

Speaker: Christiaan Ottow

Abstract

While malware on Linux is a little discussed phenomenon, Linux is becoming more and more interesting to cyber criminals. This talk discusses the various ways in which a hacker can backdoor Linux systems, from userland to kernelspace. We discuss hiding on the filesystem and from the process list, persistence and kernel modules for backdooring. An example kernel backdoor is demonstrated and its techniques discussed from the source code as to provide some technical depth. Of course, we briefly consider prevention and detection as well.

Biography

Christiaan Ottow (1984) started out at a young age like most hackers do, by fiddling with computers and programming languages and automating common tasks. After having worked as a developer and system administrator, Christiaan started applying his knowledge of computer systems to breaking and improving security controls. Having received his Master's degree in Computer Security from the University of Twente, Christiaan started applying his security skills professionally through penetration testing, code auditing and consulting at Pine Digital Security.

Nowadays, as CTO Security Christiaan is involved with the quality and development of Computest's security services. Christiaan likes to keep close track of trends in the security industry, but also likes hands-on security like participating in penetration tests, playing CTF games and finding a good balance between security and usability in organizations.