Runtime Process Infection (part 2)

Cite

Berkeley System Distribution (BSD), Andrea Ross

Webb, Shawn

Formal Metadata

Title

Runtime Process Infection (part 2)

Title of Series

The Technical BSD Conference 2013

Number of Parts

Author

Webb, Shawn

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/19177 (DOI)

Publisher

Berkeley System Distribution (BSD), Andrea Ross

Release Date

2013

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

This presentation will instruct participants on how to inject arbitrary code into a process during runtime. Writing malware on Linux isn't an easy task. Anonymously injecting shared objects has been a frightful task that no one has publicly implemented. This presentation will show how and why malware authors can inject shared objects anonymously in 32bit and 64bit linux and 64bit FreeBSD. The presenter will be releasing a new version of a tool called libhijack. libhijack aims to make injection of arbitrary code and shared objects extremely easy. There will be a live demo injecting a root shell backdoor into multiple programs during runtime.