If you’ve taken training about malware analysis, you’ve likely learned how to deal with suspect .exe files, macro-enabled word documents, or obfuscated scripts—all intended for a Windows victim. But what about malicious files targeting a Linux environment? This talk will walk through the basics of what Linux malware looks like and how to analyze it. We’ll walk through setting up an appropriate lab environment for testing, porting best-practices from Windows analysis into a Linux environment, and finally how to use radare2 to both debug and statically analyze a suspicious file.