Semper legerent "Salve Regina" ante venatione malware
MMD-067-2021 - Recent talks on Linux process injection and shellcode analysis series at R2CON-2020, ROOTCON-14 2020 from HACK.LU-2019

The background of this research and these talks: After HACK.LU-2019's talk in 2019 [link], I was asked a lot of questions about Linux process injection that can trigger code execution and yes, one of the favorite topics is the shellcode used as the payload on injection. As a blue-teamer, following up on the questions received put me in a unique state...

Wed Mar 3, 2021 06:48
MMD-0066-2020 - Linux/Mirai-Fbot - A re-emerged IoT threat

Prologue: A month ago I wrote about IoT malware for the Linux operating system, a Mirai botnet's client variant dubbed FBOT. The writing [link] was about reverse engineering a Linux ELF ARM 32-bit binary to dissect the new encryption that has been used by their January bot binaries. The threat had been in a vacuum state for almost one month after my post,...

Sun Feb 23, 2020 22:41
MMD-0065-2020 - Linux/Mirai-Fbot

Prologue: I set up a local brand-new ARM-based router I bought online around this new year 2020 to replace my old pots, and yesterday, it was soon pwned by malware and I had to reset it to the factory mode to make it work again (never happened before). When the "incident" occurred, the affected router wasn't dead but it was close to a freeze state,...

Wed Jan 15, 2020 14:48
More About My 2019.HACK.LU Keynote Talk

As promised, these are my additional notes and review about my Keynote talk at 2019.HACK.LU (link). About 2019.HACK.LU: HACK.LU is a great conference, thank you for having me this year. I could interact with a lot of the infosec community who I already know but hadn't met until now, and I could also get along with old friends in the community...

Mon Oct 28, 2019 16:02
MMD-0064-2019 - Linux/AirDropBot

Prologue: There are a lot of botnets aiming at multiple architectures of Linux-based Internet of Things, and this story is just one of them, but I haven't seen one coded like this before. Like most of the other posts on our analysis reports in the MalwareMustDie blog, this post was started from a request from a friend to take a look at a certain binary that...

Sat Sep 28, 2019 05:00
MMD-0063-2019 - Summarize report of three years MalwareMustDie research (Sept 2016-Sept 2019)

Hello, it's unixfreaxjp here. It has been a while since I wrote our own blog, and it is good to be back. Thank you for your patience for all of this time. The background: It was after September 2016 when we decided to move our blog and since then I had a lot of fun in learning and experimenting much with "Jekyll" (based on "Poole") and "BlackDoc",...

Sat Sep 21, 2019 15:53
