Olivier Bilodeau & Marc-Étienne M. Léveillé: Hunting Linux Malware for Fun and $flags

Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

Our next announcement is Olivier Bilodeau & Marc-Étienne M. Léveillé’s workshop: Hunting Linux Malware for Fun and $flags.

Server-side Linux malware is a real threat now. Unfortunately, as with its Windows counterpart, most system administrators are inadequately trained or don’t have enough time allocated by their management to analyse and understand the threats that their infrastructures are facing. This tutorial aims at creating an environment where Linux professionals have the opportunity to study such threats safely and in a time-effective fashion.

In this introductory tutorial you will learn to fight real-world Linux malware that targets server environments. Attendees will have to find malicious processes and concealed backdoors in a compromised Web server.

In order to make the tutorial accessible for a range of skill levels, several examples of malware will be used with increasing layers of complexity — from scripts to ELF binaries with varying degrees of obfuscation. Additionally, as is common in Capture-The-Flag information security competitions, flags will be hidden throughout the environment for attendees to find.


Requirements:

  • Good understanding of Linux server systems (userland)
  • Laptop with a Linux native system or a Linux virtual machine
  • Pre-installed tools: text-editor, OpenVPN client, gdb
  • Optional: ipython, IDA Pro (proprietary)

Skills to acquire:

  • Live system incident response and forensics using Linux’s standard tools
  • System hardening
  • Introduction to reverse-engineering obfuscated scripts and binaries

Olivier Bilodeau is the head of Cybersecurity Research at GoSecure, a consultancy firm specializing in cybersecurity services for the public and private sector.

With more than 10 years of infosec experience, Olivier worked on Unix servers, managed enterprise networks, wrote open source network access control software and recently worked as a Malware Researcher at ESET. He likes to reverse engineer everything that crosses his path, participate in information security capture-the-flag competitions, hack open source code and brew beer. He has spoken at various conferences (Defcon, Botconf, VirusBulletin, Derbycon, …), used to lecture on information security at ETS University in Montreal, drives the NorthSec Hacker Jeopardy and co-organises the MontréHack capture-the-flag training initiative. His primary research interests include reverse-engineering tools, Linux and/or embedded malware and honeypots.

You can follow Olivier on Twitter @obilodeau

Marc-Étienne has been a malware researcher at ESET since 2012. He specialises in malware attacking unusual platforms, whether it’s fruity hardware or software from south pole birds. Lately, Marc-Étienne was mostly reverse engineering server-side malware to discover its inner workings and operation strategy. His research led to the publication of the Operation Windigo white paper that won Virus Bulletin’s Péter Szőr Award for best research paper in 2014.

Outside his day job, Marc-Étienne enjoys designing challenges for the NorthSec CTF competition. He is also a co-organiser of the MontréHack monthly event. He presented at multiple conferences including CSAW:Threads, CARO Workshop and Linuxcon Europe. When he’s not one of the organisers, he loves participating in CTF competitions like a partying gentleman. Outside the cyberspace, Marc-Étienne plays the clarinet and reads comics. He tweets sporadically at @marc_etienne_.

You can follow Marc-Étienne on Twitter @marc_etienne_

Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!


Steve co-founded 44CON with Adrian in 2011, running our quarterly training programme and the Call For Papers processes. When not running training Steve likes building hardware, breaking software and writing at https://thedorkweb.substack.com.