Detecting the Undetectable: Linux Rootkits

Home » Resources » Webinars » Detecting the Undetectable: Linux Rootkits

2022 has seen a handful of new or resurfaced Linux rootkits, often touted as “highly stealthy” or “nearly undetectable”. But are they really?

In this webinar, Jace Walker, Threat Hunter/Researcher at Binary Defense, will:

Walk through different potential detection methods that incident responders can use to decloak or identify common types of Linux rootkits
Show you clues to look for using Symbiote, OrBit, and Syslogk as examples
Share some suggested methods for removing Rootkits once they’re found

About the Presenter

Jace Walker

Jace Walker is a Threat Hunter/Researcher at Binary Defense. In this role, he researches emerging threats, reverse engineers malware, crafts behavioral detections and performs data-backed hunts in enterprise environments. Jace comes from nearly a decade in Linux system administration, automation, and hardening at a municipal fiber ISP.

img:is([sizes="auto" i],[sizes^="auto," i]){contain-intrinsic-size:3000px 1500px;}.wp-block-audio :where(figcaption){color:#555;font-size:13px;text-align:center;}.is-dark-theme .wp-block-audio :where(figcaption){color:rgba(255,255,255,.65);}.wp-block-audio{margin:0 0 1em;}.wp-block-code{border:1px solid #ccc;border-radius:4px;font-family:Menlo,Consolas,monaco,monospace;padding:.8em 1em;}.wp-block-embed :where(figcaption){color:#555;font-size:13px;text-align:center;}.is-dark-theme .wp-block-embed :where(figcaption){color:rgba(255,255,255,.65);}.wp-block-embed{margin:0 0 1em;}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center;}.is-dark-theme .blocks-gallery-caption{color:rgba(255,255,255,.65);}:root :where(.wp-block-image figcaption){color:#555;font-size:13px;text-align:center;}.is-dark-theme :root :where(.wp-block-image figcaption){color:rgba(255,255,255,.65);}.wp-block-image{margin:0 0 1em;}.wp-block-pullquote{border-bottom:4px solid;border-top:4px solid;color:currentColor;margin-bottom:1.75em;}.wp-block-pullquote cite,.wp-block-pullquote footer,.wp-block-pullquote__citation{color:currentColor;font-size:.8125em;font-style:normal;text-transform:uppercase;}.wp-block-quote{border-left:.25em solid;margin:0 0 1.75em;padding-left:1em;}.wp-block-quote cite,.wp-block-quote footer{color:currentColor;font-size:.8125em;font-style:normal;position:relative;}.wp-block-quote:where(.has-text-align-right){border-left:none;border-right:.25em solid;padding-left:0;padding-right:1em;}.wp-block-quote:where(.has-text-align-center){border:none;padding-left:0;}.wp-block-quote.is-large,.wp-block-quote.is-style-large,.wp-block-quote:where(.is-style-plain){border:none;}.wp-block-search .wp-block-search__label{font-weight:700;}.wp-block-search__button{border:1px solid #ccc;padding:.375em .625em;}:where(.wp-block-group.has-background){padding:1.25em 2.375em;}.wp-block-separator.has-css-opacity{opacity:.4;}.wp-block-separator{border:none;border-bottom:2px solid;margin-left:auto;margin-right:auto;}.wp-block-separator.has-alpha-channel-opacity{opacity:1;}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px;}.wp-block-separator.has-background:not(.is-style-dots){border-bottom:none;height:1px;}.wp-block-separator.has-background:not(.is-style-wide):not(.is-style-dots){height:2px;}.wp-block-table{margin:0 0 1em;}.wp-block-table td,.wp-block-table th{word-break:normal;}.wp-block-table :where(figcaption){color:#555;font-size:13px;text-align:center;}.is-dark-theme .wp-block-table :where(figcaption){color:rgba(255,255,255,.65);}.wp-block-video :where(figcaption){color:#555;font-size:13px;text-align:center;}.is-dark-theme .wp-block-video :where(figcaption){color:rgba(255,255,255,.65);}.wp-block-video{margin:0 0 1em;}:root :where(.wp-block-template-part.has-background){margin-bottom:0;margin-top:0;padding:1.25em 2.375em;}.wp-block-code-snippet-block-dm-code-snippet-block-dm{background-color:#21759b;color:#fff;padding:2px;}.safe-svg-cover{text-align:center;}.safe-svg-cover .safe-svg-inside{display:inline-block;max-width:100%;}.safe-svg-cover svg{height:100%;max-height:100%;max-width:100%;width:100%;}.wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em;}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none;}.entry-meta{display:none !important;}.home .entry-meta{display:none;}.entry-footer{display:none !important;}.home .entry-footer{display:none;}.site-header{--bindef--nav-branding-width-mobile:200px;--bindef--nav-branding-width:200px;}@media only screen and (min-width: 1280px){#off-canvas,.site-drawer{display:none !important;}nav.secondary-menu{display:block !important;}}@media only screen and (min-width: 1050px){nav.main-menu{display:block !important;}}@media only screen and (max-width: 1050px){nav#mega-menu{display:none !important;}}@media only screen and (max-width: 1280px) and (min-width: 1050px){#off-canvas .off-canvas-menu{display:none;}#off-canvas .off-canvas__bottom{flex:1 1 auto;display:flex;flex-direction:column;justify-content:space-between;}}.publish-date{display:none;}.byline{display:none;}

About the Presenter

You May Also Like

Beyond the Platform: Finding an MDR Partner That Works for You

Getting Ahead of Threats: Building an Integrated Defense Strategy with MDR and Incident Response

Harnessing Digital Risk Protection for a Comprehensive Detection and Response Program