This is both the first and last post of this blog for 2024.
It may sound cliché, but I'll say it anyway—so much has happened this year. I left Beijing after six years of living there, said goodbye to many friends, and moved to Australia in pursuit of a …
more ...
I was called to handle an incident in which a malicious IP address is accessed each time the system boots. They couldn't find out what process is making the connection.
Using one of the BCC eBPF tools called tcpconnect.py, I was able to locate the malicious process that's disguised …