Writing your own Linux Rootkit for fun and profit

Presented at THOTCON 0xA (2019), May 4, 2019, noon (50 minutes)

Rootkits, the most pervasive of backdoors, are the final step in post-exploitation, and also the most fun. This talk will explore the anatomy of LKM rootkits, tour the fundamentals of Linux kernel development, and show you how to write your own rootkit from scratch! We will expose the subversive techniques used to bypass kernel protections, hook system calls, and hide from user space. Finally, we'll look at the effectiveness of rootkit detection and the strategies for it, and discuss the security implications that bridge user and kernel space.


Presenters:

  • Marcus Hodges (meta)
    Marcus Hodges (meta) is the Director of Research at Security Innovation, Neg9 CTF team, and enjoys math, Linux, Python, & binary exploits.
