In this week's SnapShot, we take a look at BPFdoor -- a passive network implant for Linux attributed to Red Menshen, a Chinese threat actor group. This malware lets a threat actor backdoor a system for remote command execution without opening any new network ports or adding firewall rules. Because the implant monitors all network traffic with a Berkeley Packet Filter (BPF) instead of binding its own listening socket, it can watch a port that is already open: for example, if a web application is serving on port 80, the implant can observe and react to packets arriving on port 80 and be reached over that same port, even while the web application keeps running.
In this video, we'll show how to get the implant and controller working and communicating together, discuss some detection strategies, and demonstrate a scanning tool that checks whether any hosts in your network are compromised.
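One host-based detection angle that follows from the description above: an implant that sniffs traffic with BPF needs a raw AF_PACKET socket, and Linux exposes every such socket in /proc/net/packet, with an inode that can be mapped back to the owning process through /proc/PID/fd. The script below is an added example written for this description; it is not the SnapAttack scanning tool from the links below and does not claim to be how that tool works. It parses a constructed /proc/net/packet sample, keeps the SOCK_RAW sockets bound to ETH_P_ALL or ETH_P_IP (the ones that see all or all-IP traffic), and resolves their inodes to PIDs; the fake /proc tree it builds is constructed so the example runs offline, and on a live host you would point it at the real /proc instead.

```python
import os
import tempfile
from pathlib import Path

# Constructed sample of /proc/net/packet (not captured from a real host).
# Columns: sk RefCnt Type Proto Iface R Rmem User Inode. Proto is printed by
# the kernel in host byte order, so 0003 is ETH_P_ALL and 0800 is ETH_P_IP.
SAMPLE_PROC_NET_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8880 3      3    0003   2     1 0      0      36127
ffff8881 3      3    0800   0     1 0      0      36233
ffff8882 3      2    0806   2     1 0      0      36301
"""

SOCK_DGRAM = 2
SOCK_RAW = 3
ETH_P_ALL = 0x0003
ETH_P_IP = 0x0800
WIDE_PROTOS = (ETH_P_ALL, ETH_P_IP)


def parse_proc_net_packet(text):
    """Turn the /proc/net/packet table into a list of dicts (header line skipped)."""
    entries = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 9:
            continue
        entries.append({
            "type": int(fields[2]),
            "proto": int(fields[3], 16),
            "iface": int(fields[4]),
            "inode": int(fields[8]),
        })
    return entries


def raw_sniffers(entries):
    """Keep raw packet sockets that see all traffic or all IP traffic."""
    return [e for e in entries if e["type"] == SOCK_RAW and e["proto"] in WIDE_PROTOS]


def inode_to_pids(inode, proc_root="/proc"):
    """Find every PID whose fd table holds socket:[inode]."""
    target = f"socket:[{inode}]"
    pids = set()
    for pid_dir in Path(proc_root).iterdir():
        if not pid_dir.name.isdigit():
            continue
        try:
            for fd in (pid_dir / "fd").iterdir():
                try:
                    if os.readlink(fd) == target:
                        pids.add(int(pid_dir.name))
                        break
                except OSError:
                    continue  # fd closed or not readable
        except OSError:
            continue  # process exited or no permission
    return sorted(pids)


def find_sniffing_processes(packet_table_text, proc_root="/proc"):
    """Return (pid, proto, inode) triples for processes holding wide raw sockets."""
    hits = []
    for e in raw_sniffers(parse_proc_net_packet(packet_table_text)):
        for pid in inode_to_pids(e["inode"], proc_root):
            hits.append((pid, e["proto"], e["inode"]))
    return sorted(hits)


def build_fake_proc(root):
    """Constructed /proc tree: two processes own the raw sockets, one owns nothing."""
    for pid, fd, link in ((4242, 3, "socket:[36127]"),
                          (4243, 5, "socket:[36233]"),
                          (1, 0, "/dev/null")):
        fd_dir = Path(root) / str(pid) / "fd"
        fd_dir.mkdir(parents=True)
        os.symlink(link, fd_dir / str(fd))
    (Path(root) / "self").mkdir()  # non-numeric entry that must be skipped
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        fake = build_fake_proc(tmp)
        for pid, proto, inode in find_sniffing_processes(SAMPLE_PROC_NET_PACKET, fake):
            print(f"pid {pid} holds raw packet socket inode {inode} proto 0x{proto:04x}")
```

On a live system, call `find_sniffing_processes(open("/proc/net/packet").read())` as root; the same artifact can be listed with `ss -0pb`, which also prints the attached BPF program. A raw socket is not proof of compromise on its own (tcpdump, DHCP clients and some monitoring agents open one), so triage the owning process by path, parent and start time rather than alerting on the socket alone.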
CHECK THESE OUT IN THE FREE, COMMUNITY EDITION OF OUR PLATFORM
www.snapattack...
ATTACK SESSION
app.snapattack...
ANALYTICS
app.snapattack...
app.snapattack...
SCANNING TOOL
github.com/sna...