ITPUB
Mar 23, 2016 · Information Security

How Malicious ELF Files Evade IDA Pro and What You Can Do About It

The article reveals a novel ELF‑binary manipulation technique that prevents IDA Pro from loading malicious Linux samples, demonstrates reconstruction steps with hex editors, compares other disassemblers, and provides YARA rules and a GitHub script for detection and remediation.

IDA Pro · Linux security · YARA