March 17, 2013

The Poor Man's Rootkit: March 17th, 2013

For the second half of March, we will be hosting a talk on The Poor Man's Rootkit. This talk will be given by Themson Mester on March 17th at 2pm. In his own words:

This talk will cover how the default binaries and shell environment on a Linux system can be used against you, and why you should care. We will discuss the mindset of an attacker when assessing system functionality, and demonstrate how we can apply this mindset to mimic common Rootkit features.

This is NOT a whiz-bang deep-level talk on LKMs, inline code hooking, syscall hijacking, kmem, VFS, LD_PRELOAD abuse or... well, anything of that sort, and that is the point. The goal of this talk is to demonstrate the nasty things that can be done on a default system without compiling a single line of code.

We will share some dirty tricks with a focus on illustrating the difference between how attackers and defenders interact with and assess a host environment. It is our aim to give those who enjoy offense some new approaches to maintaining persistence on a remote system, while attempting to illuminate the defensive benefits of applying an attacker's mindset in assessing software and system functionality.

For directions to the Lodge, please see: http://binged.it/VNlRYE.

For all other Lodge-hosted events, please see our calendar page: https://www.blacklodgeresearch.org/calendar/

Slides: Poor_Mans_Root_Kit_BLR_talk_PUBLIC_2013.pdf