About Arcana

Arcana is a unique threat detection technology with a focus on ELF binary forensics. ELF (Executable & Linking Format) is the most ubiquitous executable format, being used by all Linux/UNIX enterprise servers, and on ~70% of IoT devices.

Demystifying ELF infections and detecting subtle anomalies within ELF artifacts can rapidly identify infections such as persistent backdoors that hook functions and manipulate global data. APTs (advanced persistent threats) often use virus technology in their hooking and instrumentation methods.

The Arcana binary forensics technology was designed and is maintained by the Elfmaster and other thought leaders in the esoteric underground of ELF binary hacking, virus design, and reverse engineering.

Arcana has been tested on various Linux distributions for x86 (32- and 64-bit), scanning ELF binaries with an intelligent heuristics engine. Arcana can identify the most subtle infections within an ELF binary, indicating that the program has been compromised in its integrity and functionality.

Currently, Arcana supports analysis of ELF executables, shared libraries, and LKMs. Support for /proc/kcore analysis (detecting kernel rootkits) and process-memory forensics is planned for the future.

Arcana starts where other threat detection products leave off.

Adept detection for ELF infection

Arcana uses state-of-the-art ELF forensics reconstruction techniques to restore stripped symbol tables and section headers on obfuscated or stripped binaries.