Symbiote Deep-Dive: Analysis of a New, Nearly-Impossible-to-Detect Linux Threat
intezer.com

Interesting rundown. More than 1 guy wrote this: there's a lot of functionality, also a couple of specialities represented. If I think about having to write this, I get a feeling of incredible fatigue. It would never work well, problems installing would happen on half the machines.
I can think of a few ways to detect this that haven't been explicitly mentioned.
I will say that this is exactly what I figured would end up being written once I learned of the existence of BPF. This is why we can't have nice things.