BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesluxembourg-2026//speaker//SU38N8
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-LL9LUX@pretalx.com
DTSTART;TZID=CET:20260507T144500
DTEND;TZID=CET:20260507T152000
DESCRIPTION:Linux packers and loaders represent a blind spot in modern cybe
 rsecurity defenses. By compressing\, encrypting\, and obfuscating executa
 ble code\, these tools enable fileless\, in-memory execution that bypasses
  traditional detection mechanisms entirely.\nThis presentation dissects th
 e hARMless ARM64 ELF packer/loader to reveal sophisticated evasion techniq
 ues: multi-layer page encryption\, CRC32 integrity verification\, and dire
 ct ARM64 syscall invocation. We expose critical security gaps where EDR so
 lutions lack Linux visibility\, static analysis fails against packed paylo
 ads\, and memory-resident execution defeats forensic recovery. The bad new
 s? Traditional EDR solutions are practically blind on Linux\, static analy
 sis can't keep up with modern packers\, and memory-only execution makes fo
 rensics a nightmare. The good news? Well...let's see it together
DTSTAMP:20260502T115826Z
LOCATION:IFEN room 1\, Workshops and Detection Engineering village (Buildin
 g D)
SUMMARY:Not So hARMless: The Hidden World of Linux Packers and Detection Ch
 allenges - Massimo Bertocchi
URL:https://pretalx.com/bsidesluxembourg-2026/talk/LL9LUX/
END:VEVENT
END:VCALENDAR