In this [RE]laxing new series, I fully reverse a Linux Backdoor (BPFDoor) from start to finish. In Part 4, we discover qmgr commands and techniques to remove logs. We also fix the strings of the command execution environment variables.
These extensive "Deep Dive" segments concentrate on dissecting malware specimens and delving into the individual approaches employed to fully reverse them. Throughout the journey, I attempt to explain my techniques as much as possible; however, if any ambiguities arise, please feel free to post a comment below.
---
Timestamps:
00:00 Intro
00:41 qmgr
06:20 Shell Commands
07:10 Home = tmp ?
09:25 Speedrunning Strings
12:06 Hiding logs
13:22 Setting PATH
17:44 Reading the Function
20:18 Failure Code
22:35 Recap
---
Software Links Mentioned in Video:
Ghidra: https://ghidra-sre.org/
---
Malware Examined in the video (BPFDoor):
sha256:fd1b20ee5bd429046d3c04e9c675c41e9095bea70e0329bd32d7edd17ebaf68a
MalwareBazaar Link:
https://bazaar.abuse.ch/sample/fd1b20...
---
laurieWIRED Twitter:
https://twitter.com/lauriewired
laurieWIRED Website:
http://lauriewired.com
laurieWIRED Github:
https://github.com/LaurieWired
laurieWIRED HN:
https://news.ycombinator.com/user?id=...
laurieWIRED Reddit:
https://www.reddit.com/user/LaurieWired