Abstract

This chapter provides a general guideline for gaining a clearer sense of the tools and techniques that can be used to examine a malicious executable binary in the Linux environment. With the seemingly endless number of malicious code specimens being generated by attackers, often with varying functions and purposes, the methodology must remain flexible and be adjusted to meet the needs of each individual case. A valuable way to learn how a malicious code specimen interacts with a victim system, and in turn to determine the risk that the malware poses to that system, is to monitor certain aspects of the system during the runtime of the specimen. In particular, tools that monitor the host system and its network activity are deployed prior to the execution of a subject specimen and kept running during the course of its runtime; in this way, the tools capture the activity of the specimen from the moment it is executed. On a Linux system, there are five main aspects of the infected system to monitor: the file system, system calls, running processes, the /proc directory, and network activity (including IDS).
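
The monitoring sequence the abstract describes (start the monitors first, launch the specimen, observe it until it exits, then diff) can be sketched as a small runtime monitor. The script below is an added example, not code from the chapter or its authors; it assumes a Linux host with procfs mounted at /proc, uses only the Python standard library, and optionally wraps the specimen in strace (-f, -o) for the system-call aspect when that tool is installed. It covers the file system (snapshot diff of a watched directory), running processes and /proc (cmdline, exe, cwd and open descriptors of every new pid), and network activity (new entries in the /proc/net socket tables); the demo() function runs a constructed benign stand-in for a specimen that merely drops one file into the watched directory.

```python
"""Minimal Linux runtime monitor for analysing a specimen (added example).
Monitors are armed before the specimen starts and read until it exits."""
import os
import shutil
import subprocess
import sys
import tempfile
import time
from pathlib import Path


def snapshot_files(root):
    """Map each file under root to (size, mtime_ns) so drops, edits and
    deletions can be diffed after the specimen has run."""
    snap = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:  # file vanished between listing and stat
                continue
            snap[path] = (st.st_size, st.st_mtime_ns)
    return snap


def diff_files(before, after):
    """Split two snapshots into created / modified / deleted paths."""
    common = set(before) & set(after)
    return {
        "created": sorted(set(after) - set(before)),
        "modified": sorted(p for p in common if before[p] != after[p]),
        "deleted": sorted(set(before) - set(after)),
    }


def snapshot_pids():
    """Live pids from /proc; empty set on systems without procfs."""
    try:
        return {int(d) for d in os.listdir("/proc") if d.isdigit()}
    except OSError:
        return set()


def read_proc_entry(pid):
    """Best-effort read of what /proc exposes about one process: command
    line, resolved executable, working directory and open descriptors.
    Each read may fail if the process exits in between, so each is guarded."""
    base = Path("/proc") / str(pid)
    entry = {"pid": pid, "cmdline": [], "exe": None, "cwd": None, "fds": []}
    try:
        raw = (base / "cmdline").read_bytes()
        entry["cmdline"] = [a.decode(errors="replace") for a in raw.split(b"\0") if a]
    except OSError:
        pass
    for key in ("exe", "cwd"):
        try:
            entry[key] = os.readlink(base / key)
        except OSError:
            pass
    try:
        for fd in os.listdir(base / "fd"):
            try:
                entry["fds"].append((int(fd), os.readlink(base / "fd" / fd)))
            except OSError:
                pass
    except OSError:
        pass
    return entry


def snapshot_sockets():
    """(proto, local, remote, state) tuples from the /proc/net socket tables."""
    socks = set()
    for proto in ("tcp", "tcp6", "udp", "udp6"):
        try:
            lines = Path("/proc/net", proto).read_text().splitlines()[1:]
        except OSError:
            continue
        for line in lines:
            f = line.split()
            if len(f) >= 4:
                socks.add((proto, f[1], f[2], f[3]))
    return socks


def run_and_monitor(cmd, watch_dir, poll_interval=0.05, trace_syscalls=False):
    """Arm every monitor, launch the specimen, poll until it exits, diff."""
    files_before, pids_before, socks_before = snapshot_files(watch_dir), snapshot_pids(), snapshot_sockets()
    trace_path = None
    if trace_syscalls and shutil.which("strace"):  # optional syscall log
        trace_path = os.path.join(tempfile.mkdtemp(prefix="trace-"), "syscalls.txt")
        cmd = ["strace", "-f", "-o", trace_path] + list(cmd)
    proc = subprocess.Popen(cmd)
    observed, new_socks = {}, set()  # pid -> last /proc entry with a cmdline
    while True:
        # New pids relative to the baseline may include unrelated host noise;
        # the specimen's own pid is always included.
        for pid in (snapshot_pids() - pids_before) | {proc.pid}:
            entry = read_proc_entry(pid)
            if pid not in observed or entry["cmdline"]:
                observed[pid] = entry
        new_socks |= snapshot_sockets() - socks_before
        if proc.poll() is not None:
            break
        time.sleep(poll_interval)
    return {"exit_code": proc.returncode,
            "files": diff_files(files_before, snapshot_files(watch_dir)),
            "processes": observed, "new_sockets": new_socks,
            "syscall_trace": trace_path}


def demo():
    """Constructed benign stand-in for a specimen: drops one file into the
    watched directory and lingers so the poll loop can observe it."""
    watch_dir = tempfile.mkdtemp(prefix="watch-")
    dropped = os.path.join(watch_dir, "dropped.txt")
    specimen = [sys.executable, "-c",
                "import sys, time; open(sys.argv[1], 'w').write('x'); time.sleep(0.5)",
                dropped]
    report = run_and_monitor(specimen, watch_dir)
    report.update(expected_drop=dropped, procfs=os.path.isdir("/proc"))
    return report


if __name__ == "__main__":
    rep = demo()
    print("exit code:", rep["exit_code"], "files:", rep["files"])
    for pid, e in rep["processes"].items():
        print(pid, e["exe"], e["cmdline"][:2])
```

On a real case the specimen command replaces the stand-in and the watched directory is widened to the paths the specimen is expected to touch; the baseline pid and socket sets are taken immediately before launch so that everything new is attributable to the specimen's runtime window, noise from other host activity aside.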
