Designing BSD Rootkits An Introduction to Kernel Hacking 1st Edition by Joseph Kong – Ebook PDF Instant Download/Delivery: 1593271581, 9781593271589
Full download Designing BSD Rootkits An Introduction to Kernel Hacking 1st Edition after payment
Product details:
ISBN 10: 1593271581
ISBN 13: 9781593271589
Author: Joseph Kong
Though rootkits have a fairly negative image, they can be used for both good and evil. Designing BSD Rootkits arms you with the knowledge you need to write offensive rootkits, to defend against malicious ones, and to explore the FreeBSD kernel and operating system in the process. Organized as a tutorial, Designing BSD Rootkits will teach you the fundamentals of programming and developing rootkits under the FreeBSD operating system. Author Joseph Kong’s goal is to make you smarter, not to teach you how to write exploits or launch attacks. You’ll learn how to maintain root access long after gaining access to a computer and how to hack FreeBSD. Kong’s liberal use of examples assumes no prior kernel-hacking experience but doesn’t water down the information. All code is thoroughly described and analyzed, and each chapter contains at least one real-world application.
Included:
– The fundamentals of FreeBSD kernel module programming
– Using call hooking to subvert the FreeBSD kernel
– Directly manipulating the objects the kernel depends upon for its internal record-keeping
– Patching kernel code resident in main memory; in other words, altering the kernel’s logic while it’s still running
– How to defend against the attacks described
Hack the FreeBSD kernel for yourself!
Designing BSD Rootkits An Introduction to Kernel Hacking 1st Edition Table of contents:
1. LOADABLE KERNEL MODULES
Module Event Handler
The DECLARE_MODULE Macro
“Hello, world!”
System Call Modules
The System Call Function
The sysent Structure
The Offset Value
The SYSCALL_MODULE Macro
Example
The modfind Function
The modstat Function
The syscall Function
Executing the System Call
Executing the System Call Without C Code
Kernel/User Space Transitions
The copyin and copyinstr Functions
The copyout Function
The copystr Function
Character Device Modules
The cdevsw Structure
Character Device Functions
The Device Registration Routine
Example
Testing the Character Device
Linker Files and Modules
Concluding Remarks
2. HOOKING
Hooking a System Call
Keystroke Logging
Kernel Process Tracing
Common System Call Hooks
Communication Protocols
The protosw Structure
The inetsw[ ] Switch Table
The mbuf Structure
Hooking a Communication Protocol
Concluding Remarks
3. DIRECT KERNEL OBJECT MANIPULATION
Kernel Queue Data Structures
The LIST_HEAD Macro
The LIST_HEAD_INITIALIZER Macro
The LIST_ENTRY Macro
The LIST_FOREACH Macro
The LIST_REMOVE Macro
Synchronization Issues
The mtx_lock Function
The mtx_unlock Function
The sx_slock and sx_xlock Functions
The sx_sunlock and sx_xunlock Functions
Hiding a Running Process
The proc Structure
The allproc List
Example
Hiding a Running Process Redux
The hashinit Function
pidhashtbl
The pfind Function
Example
Hiding with DKOM
Hiding an Open TCP-based Port
The inpcb Structure
The tcbinfo.listhead List
Example
Corrupting Kernel Data
Concluding Remarks
4. KERNEL OBJECT HOOKING
Hooking a Character Device
The cdevp_list Tail Queue and cdev_priv Structures
The devmtx Mutex
Example
Concluding Remarks
5. RUN-TIME KERNEL MEMORY PATCHING
Kernel Data Access Library
The kvm_openfiles Function
The kvm_nlist Function
The kvm_geterr Function
The kvm_read Function
The kvm_write Function
The kvm_close Function
Patching Code Bytes
Understanding x86 Call Statements
Patching Call Statements
Allocating Kernel Memory
The malloc Function
The MALLOC Macro
The free Function
The FREE Macro
Example
Allocating Kernel Memory from User Space
Example
Inline Function Hooking
Example
Gotchas
Cloaking System Call Hooks
Concluding Remarks
6. PUTTING IT ALL TOGETHER
What HIDSes Do
Bypassing HIDSes
Execution Redirection
File Hiding
Hiding a KLD
The linker_files List
The linker_file Structure
The modules List
The module Structure
Example
Preventing Access, Modification, and Change Time Updates
Change Time
Example
Proof of Concept: Faking Out Tripwire
Concluding Remarks
7. DETECTION
Detecting Call Hooks
Finding System Call Hooks
Detecting DKOM
Finding Hidden Processes
Finding Hidden Ports
Detecting Run-Time Kernel Memory Patching
Finding Inline Function Hooks
Finding Code Byte Patches
Concluding Remarks
8. CLOSING WORDS
BIBLIOGRAPHY
COLOPHON