Skip to content

fengjixuchui/linux-rootkits-red-blue-teams

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits

001-helloworld

001-helloworld

 
 

002-helloworld-fmt

002-helloworld-fmt

 
 

003-helloworld-printk

003-helloworld-printk

 
 

004-helloworld-params

004-helloworld-params

 
 

005-helloworld-sysfs-param

005-helloworld-sysfs-param

 
 

006-process-info-basics

006-process-info-basics

 
 

007-processinfo-threads

007-processinfo-threads

 
 

008-processinfo-binarylocation

008-processinfo-binarylocation

 
 

009-processinfo-lsof

009-processinfo-lsof

 
 

010-processinfo-userid-euserid

010-processinfo-userid-euserid

 
 

011-unremovable-module-no-exit

011-unremovable-module-no-exit

 
 

README.md

README.md

 
 

Repository files navigation

Linux Rootkits for Red Blue Teams

This repository contains the supporting course material for our Linux Rootkits for Red-Blue Teams training

The entire video course is available online: Linux Rootkits for Red-Blue Teams on Pentester Academy

Linux dominates the Server, Embedded and now the Internet of Things (IoT) device market. In recent times, embedded systems and IoT devices in particular have been the weapons of choice in online attacks: botnets like Mirai and Reaper to name a few. Soon the simple attack vectors that these botnets and malware use get patched, it is obvouis that the attacker will move and hide his tools in Kernel mode. This course will teach Red-Blue teams how kernel mode attack kits work and what to go about protecting their systems against it. We will use examples on x86_64, ARM and MIPS based architectures.

This entire course will be run on the latest Linux Kernel 4.15.x. This course is completely hands-on and everything will be taught with practical examples in the form of Kernel Modules written in C. You can however follow this course with a basic knowledge of Linux as we discuss everything from the very basics.

A non-exhaustive list of topics include:

  • Linux Boot Process
  • Browsing the Kernel code
  • Linux Architecture and Process Internals
  • Loadable Kernel Module (LKM) Programming Basics
  • Understading internal kernel structures and the syscall mechanism
  • Interrupt and Process context, Timers and Watchdogs
  • Manipulating internal process structures
  • Hijacking the system call table
  • Subverting kernel memory protections
  • Monitoring the system with Kprobes
  • Kernel syncronization methods and common LKM pitfalls
  • User space - Kernel space data transfers
  • Monitoring a user space process from the kernel
  • Accessing user space process memory
  • Modifying the core kernel code to create custom hooks
  • Understanding the kernel network stack
  • Netfilters and Custom Hooks
  • Network packet filtering and mangling with custom LKMs
  • Analyzing Kernel mode Rootkits
  • Defending against Kernel Mode attacks
  • Chain of trust implementations
  • and other topics

We cover all of these topics in the online course and how to use these files.

About

Linux Rootkits (4.x Kernel)

PentesterAcademy.com/course?id=38

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 94.8%
  • Makefile 5.2%