Reversing a Go Malware Using Ghidra

I was called to handle an incident in which a malicious IP address was being contacted each time the system booted. They couldn't find out which process was making the connection.

Using one of the BCC eBPF tools called tcpconnect.py, I was able to locate the malicious process that's disguised …

Secure Boot in Arch Linux

Unified Kernel Image

Read Arch Wiki for details.

You can generate a UKI via mkinitcpio; first edit its linux.preset config file:

# mkinitcpio preset file for the 'linux' package

#ALL_config="/etc/mkinitcpio.conf"
ALL_kver="/boot/vmlinuz-linux"
ALL_microcode=(/boot/*-ucode.img)

PRESETS=('default' 'fallback')

#default_config="/etc/mkinitcpio.conf"
default_image="/boot/initramfs-linux …
