BSides Atlanta 2023

Dissecting Linux malware from the Windows
2023-10-14, Room 401

Moving from Windows reversing to Linux can seem daunting. Aside from the differences between the two operating systems, Linux runs on a wide range of different architectures and devices. This talk will cover the basics of Linux malware reverse engineering from the perspective of a primarily Windows reverse engineer. It will cover the differences in APIs and system calls between the two operating systems, different architectures, tools and various pitfalls encountered when moving from Windows to Linux reverse engineering.

Steve "crudd" Rudd is a Lead Information Security Engineer at Lumen Technologies responsible for reverse engineering malware samples across a wide variety of architectures and operating systems from a broad range of threats, including cybercriminals, ransomware operators and APTs. In addition to reversing network protocols and gleaning IoCs from custom loaders and implants to aid in investigations, Steve develops the automated threat validation capabilities of Black Lotus Labs through bot emulation and C2 validation to track and disrupt threats at scale. A self-taught practitioner, Steve is passionate about understanding how things work and digging into low-level assembly, operating system internals and network protocols.