Learn to detect and investigate malicious payloads hidden in Linux extended file attributes through this 22-minute conference talk from DFIR Prague 2025. Explore how Linux Extended File Attributes function similarly to NTFS Alternate Data Streams and understand their legitimate uses alongside potential security risks. Discover how attackers exploit these attributes to conceal malicious content, encrypted data, and other artifacts that complicate detection and forensic analysis. Master both offensive and defensive perspectives by examining how adversaries hide simple payloads within extended attributes and how security professionals can effectively hunt for and investigate such misuse. Gain practical insights into strengthening your threat hunting methodologies and incident response capabilities when dealing with Linux systems and advanced hiding techniques used by cybercriminals.