APT Encounters of the Third Kind:
A few weeks ago an ordinary security assessment turned into an incident response whirlwind. It was definitely a first for me, and I was kindly granted permission to outline the events in this blog post. This investigation started scary but turned out to be quite fun, and I hope reading it will be informative to you too. I'll be back to posting about my hardware research soon.
- How it started
- What hell is this?
- The NFS Server
- 2nd malicious binary
- Further forensics
- Eureka Moment
- The GOlang thingy
- How the kernel got patched? and why not the golang app?
- What we have so far
- Q&A
