BPFDoor, a UNIX backdoor allegedly used by Chinese threat actors, is a smart backdoor that does not need to open additional ports when the attacker wants to connect to the compromised host. Watch this video as we talk about how it differs from the typical Windows backdoors we see every day. First detected five years ago, the tool has been in use for a while, targeting mostly Asian companies. Its main feature is a BPF packet filter: it sniffs traffic and watches for specific combinations of packets. When it sees one, it redirects the connection to a random port, so that an existing normal connection can be used for remote shells.

Watch this video with our founders, Dan and David, to find out more about this backdoor, including two ways to detect it.

For more on the BPFDoor compromise, read our step-by-step analysis here: https://www.countercraftsec.com/blog/a-step-by-step-bpfdoor-compromise/
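Because the backdoor described above sniffs traffic through a packet filter instead of listening on a port, a host-side check can list which processes hold packet sockets. The following is an added example, not CounterCraft's code and not necessarily either of the detection methods covered in the video; the sample table, the process names and the `EXPECTED` allowlist are constructed assumptions.

```python
import os, re
# Constructed sample of /proc/net/packet content (not from a real host).
SAMPLE_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8c3e5a1b2000 3      3    0003   2     1 0      0      23456
ffff8c3e5a1b3800 3      3    0800   0     1 0      0      99887
"""
# Constructed process table: pid -> (comm, fd link targets).
SAMPLE_PROCS = {
    612: ("dhclient", ["socket:[23456]", "/dev/null"]),
    4242: ("unknownd", ["socket:[99887]"]),
}
EXPECTED = {"dhclient", "tcpdump"}  # assumed allowlist of known sniffers; tune per host

def parse_packet_table(text):
    """Return {inode: (socket_type, proto_hex)}; type 3 is SOCK_RAW."""
    rows = (line.split() for line in text.splitlines()[1:])  # skip header row
    return {int(f[8]): (int(f[2]), f[3]) for f in rows if len(f) >= 9}

def read_live_procs():
    """Collect pid -> (comm, fd links) from /proc; needs root to see every pid."""
    procs = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as fh:
                comm = fh.read().strip()
            links = [os.readlink(f"/proc/{pid}/fd/{fd}") for fd in os.listdir(f"/proc/{pid}/fd")]
        except OSError:
            continue  # process exited or access denied
        procs[int(pid)] = (comm, links)
    return procs

def unexpected_sniffers(packet_text, procs, expected=EXPECTED):
    """List (pid, comm, inode, type, proto) for packet sockets held by unlisted processes."""
    socks = parse_packet_table(packet_text)
    hits = []
    for pid, (comm, links) in sorted(procs.items()):
        for link in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", link)
            inode = int(m.group(1)) if m else None
            if inode in socks and comm not in expected:
                hits.append((pid, comm, inode, *socks[inode]))
    return hits

if __name__ == "__main__":  # uses the constructed sample when /proc/net/packet is absent
    live = os.path.exists("/proc/net/packet")
    text = open("/proc/net/packet").read() if live else SAMPLE_PACKET
    print(unexpected_sniffers(text, read_live_procs() if live else SAMPLE_PROCS))
```

A hit is a lead to investigate, not proof of compromise: DHCP clients, packet capture tools and monitoring agents legitimately hold packet sockets, and process names can be spoofed, so check the binary path and start time of anything unexpected.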

Watch this video, featuring CounterCraft CPO Dan Brett and CEO David Barroso, to find out more about MITRE Engage and how to make it work for you.
