Reversing a Go Malware Using Ghidra
I was called to handle an incident in which a malicious IP address was accessed each time the system booted. They couldn't find out which process was making the connection.
Using one of the BCC eBPF tools, tcpconnect.py, I was able to locate the malicious process that's disguised …