ELF, the Executable and Linkable Format, is the standard file format used on Linux and many other Unix-like systems to store programs, shared libraries, and object files. It tells the operating system how to load code, where to place sections in memory, and which libraries or symbols the file depends on.
In cybersecurity, ELF matters because most native Linux malware is delivered as an ELF binary. Attackers use it for implants on servers, routers, and appliances, especially where Windows-focused defenses do not apply. Defenders look for suspicious ELF files, unexpected execution from writable directories, unusual permissions, or binaries compiled for the wrong architecture. Static analysis of ELF headers, strings, imports, and embedded configuration can reveal capabilities such as persistence, command-and-control, or privilege escalation. In mixed environments, spotting ELF payloads on edge devices can be an early sign of compromise at the network boundary.
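As an added illustration (not part of the original entry), the Python sketch below reads the ELF identification bytes and first header fields, then flags a binary built for a different CPU than the host it was found on. The function names are hypothetical and the two sample headers are constructed in code, not taken from real binaries.

```python
import struct

# e_machine and e_type values from the ELF specification (subset)
MACHINES = {3: "x86", 8: "mips", 20: "ppc", 40: "arm", 62: "x86_64", 183: "aarch64"}
TYPES = {1: "relocatable", 2: "executable", 3: "shared/PIE", 4: "core"}


def parse_elf_header(data: bytes) -> dict:
    """Decode the identification bytes and the first fixed header fields."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    endian = "<" if ei_data == 1 else ">"
    # e_type, e_machine, e_version, then e_entry (4 bytes on ELF32, 8 on ELF64)
    fmt = endian + ("HHII" if ei_class == 1 else "HHIQ")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    e_type, e_machine, _version, e_entry = struct.unpack_from(fmt, data, 16)
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "type": TYPES.get(e_type, f"unknown({e_type})"),
        "machine": MACHINES.get(e_machine, f"unknown({e_machine})"),
        "entry": e_entry,
    }


def arch_mismatch(data: bytes, host_machine: str) -> bool:
    """True when the binary targets a different CPU than the host it sits on."""
    return parse_elf_header(data)["machine"] != host_machine


def make_header(ei_class: int, ei_data: int, e_type: int, e_machine: int, entry: int) -> bytes:
    """Build a constructed sample header (not a real binary) for the demo."""
    endian = "<" if ei_data == 1 else ">"
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1, 0]) + b"\x00" * 8
    return ident + struct.pack(endian + ("HHII" if ei_class == 1 else "HHIQ"),
                               e_type, e_machine, 1, entry)


# Constructed samples: a 64-bit x86_64 PIE and a 32-bit big-endian MIPS executable
SAMPLE_X64 = make_header(2, 1, 3, 62, 0x1040)
SAMPLE_MIPS = make_header(1, 2, 2, 8, 0x400000)

if __name__ == "__main__":
    for name, blob in (("x64", SAMPLE_X64), ("mips", SAMPLE_MIPS)):
        print(name, parse_elf_header(blob), "mismatch:", arch_mismatch(blob, "x86_64"))
```

On a real host, the first 64 bytes of a file are enough input for `parse_elf_header`, and the expected machine name would come from the asset inventory or `uname -m`.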



