Runtime Process Insemination

Presented at DEF CON 19 (2011), Aug. 5, 2011, 3 p.m. (50 minutes)

Injecting arbitrary code during runtime in linux is a painful process. This presentation discusses current techniques and reveals a new technique not used in other projects. The proposed technique allows for anonymous injection of shared objects, the ability to pwn a process without leaving any physical evidence behind. Libhijack, the tool discussed and released in this presentation, enables injection of shared objects in as little as eight lines of C code. This presentation will demo real-world scenarios of injecting code into end-user processes such as firefox, nautilus, and python.

Presenters:

• Shawn Webb - Security Analyst
  Shawn Webb is a professional security analyst. He works with Linux, FreeBSD, and Windows systems, finding vulnerabilities in in-house applications. He's a proud member and contributor of SoldierX. Twitter: lattera

Links:

• https://defcon.org/html/defcon-19/dc-19-speakers.html#Webb
• https://infocon.org/cons/DEF CON/DEF CON 19/DEF CON 19 video and slides/DEF CON 19 - Shawn Webb - Runtime Process Insemination - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=ZNGIV8UXlgA

Similar Presentations:

• BSidesLV 2019 / Please inject me, a x64 code injection
• BSidesLV 2015 / Injection on Steroids: Code-less Code Injections and 0-Day Techniques
• THOTCON 0x4 (2013) / Runtime Process Insemination