How to find new suspicious binaries with the AIL framework in 4 easy steps. AIL automatically finds ELF binaries in base64 strings -> we correlate the decoded values, the backdoor binary is then seen in many other items (various web-shells reused it). 10 seconds for the analyst. pic.twitter.com/cONgfqmR3e
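The correlation described in the post (decode base64 strings, keep the ones that are ELF, group the decoded values across items), as an added example that is not AIL's own code. The function names, item ids and sample strings are constructed for illustration, and the 40-character minimum run length is an assumption.

```python
import base64
import binascii
import hashlib
import re
from collections import defaultdict

ELF_MAGIC = b"\x7fELF"
# Assumption: only base64 runs of 40+ characters are worth decoding.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")

def decoded_elfs(text):
    """Yield decoded bytes of each base64 run in text that starts with the ELF magic."""
    for match in B64_RUN.finditer(text):
        run = match.group(0).rstrip("=")
        # The bytes 7f 45 4c always encode to "f0VM": cheap filter before decoding.
        if not run.startswith("f0VM"):
            continue
        run += "=" * (-len(run) % 4)
        try:
            blob = base64.b64decode(run, validate=True)
        except (binascii.Error, ValueError):
            continue  # truncated or malformed run
        if blob.startswith(ELF_MAGIC):
            yield blob

def correlate(items):
    """Map the SHA-256 of each decoded ELF to the ids of items containing it."""
    seen = defaultdict(set)
    for item_id, text in items.items():
        for blob in decoded_elfs(text):
            seen[hashlib.sha256(blob).hexdigest()].add(item_id)
    return {digest: sorted(ids) for digest, ids in seen.items()}

def sample_items():
    """Constructed items; the 'binary' is the ELF magic plus padding bytes."""
    fake_elf = base64.b64encode(ELF_MAGIC + b"\x02\x01\x01" + bytes(41)).decode()
    other = base64.b64encode(b"plain text that is long enough to match the regex").decode()
    return {
        "item/1": f'$data = "{fake_elf}";',
        "item/2": f"blob: {fake_elf}\nnote: {other}",
        "item/3": f"data={other}",
    }

if __name__ == "__main__":
    for digest, ids in correlate(sample_items()).items():
        print(digest, "seen in", ids)
```

A digest that maps to more than one item id is the reuse signal: the same decoded binary embedded in otherwise different items.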