
Runtime Process Infection (part 2)


Speech transcript
...on, so because I'm running as a different user I actually have to use sudo or, you know, after getting root. In order to do this, if I were running as the www user, as the same user nginx is running as, I wouldn't have to do that, but I'm targeting nginx. So, here it is, 10 25. So what this command does is checks shared object on test, it's the name of my shellcode, my shellcode file, and this is the path to the malicious shared object that I'm going to inject, and this is the function I'm going to hook. I, we, oh yes, actually, yeah, because I have to be of the, if quite a bit, no, yes I do. But so you see that it's got, you know, nginx loaded, and that's probably the top line now, that's probably the heap, and then it's got the run-time linker loaded and all the stuff for crypto and PCRE and hashing libraries, and let's see, you have start, let's see, and with thread.

Actually, what we have to do is, we don't know, what the run-time linker usually does in its default configuration is lazy resolving of functions. So the very first time you call a function, its address is actually not in the GOT; the address that's in the GOT is a stub address that points to the run-time linker, and then the run-time linker actually goes and resolves it and replaces the GOT address with the result.

So reduce can connect and medical received, and now we'll do our injection. There's some debugging output there, and actually I need to, sure, goes there. So I just restarted nginx, because I already injected the stuff, so I need to show you guys that when I enter my custom string it doesn't drop me into a shell. So now I am going to inject into the process, and now we're dropped into a shell. Crazy. Thank you. So that is the presentation. Does anyone have any further questions?

Metadata

Formal metadata

Title Runtime Process Infection (part 2)
Series title The Technical BSD Conference 2013
Author Webb, Shawn
License CC Attribution 3.0 Unported:
You may use, modify and reproduce, distribute and make publicly available the work or its content, in unmodified or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner specified by them.
DOI 10.5446/19177
Publisher Berkeley System Distribution (BSD), Andrea Ross
Publication year 2013
Language English

Content metadata

Subject Computer science
Abstract This presentation will instruct participants on how to inject arbitrary code into a process during runtime. Writing malware on Linux isn't an easy task. Anonymously injecting shared objects has been a frightful task that no one has publicly implemented. This presentation will show how and why malware authors can inject shared objects anonymously in 32-bit and 64-bit Linux and 64-bit FreeBSD. The presenter will be releasing a new version of a tool called libhijack. libhijack aims to make injection of arbitrary code and shared objects extremely easy. There will be a live demo injecting a root shell backdoor into multiple programs during runtime.
