docs/bibliography/bibliography.bib

%%INTRODUCTION

@report{ransomware_paloalto,
	institution = {Palo Alto Networks},
	title = {Ransomware Threat Report 2022},
	url = {https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/2022-unit42-ransomware-threat-report-final.pdf}
},

@report{ransomware_pwc,
	institution = {PricewaterhouseCoopers},
	title = {Cyber Threats 2021: A year in Retrospect},
	url = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf}
},

@report{rootkit_ptsecurity,
	institution = {Positive Technologies},
	title = {Rootkits: evolution and detection methods},
	date = {2021-11-03},
	url = {https://www.ptsecurity.com/ww-en/analytics/rootkits-evolution-and-detection-methods/}
},

@online{ebpf_linux318,
	indextitle={eBPF incorporation in the Linux Kernel 3.18},
	date={2014-12-07},
	url={https://kernelnewbies.org/Linux_3.18}
},

@report{bvp47_report,
	institution = {Pangu Lab},
	title = {Bvp47 Top-tier Backdoor of US NSA Equation Group},
	date = {2022-02-23},
	url = {https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf}
},

@report{bpfdoor_pwc,
	institution = {PricewaterhouseCoopers},
	title = {Cyber Threats 2021: A year in Retrospect},
	url = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf},
	pages = {37}
},

@proceedings{ebpf_friends,
	institution = {Datadog},
	author = {Guillaume Fournier, Sylvain Afchainthe},
	organization= {DEFCON 29},
	eventtitle = {Cyber Threats 2021: A year in Retrospect},
	url = {https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf}
},

@proceedings{evil_ebpf,
	institution = {NCC Group},
	author = {Jeff Dileo},
	organization= {DEFCON 27},
	eventtitle = {Evil eBPF Practical Abuses of an In-Kernel Bytecode Runtime},
	url = {https://raw.githubusercontent.com/nccgroup/ebpf/master/talks/Evil_eBPF-DC27-v2.pdf}
},

@online{bad_ebpf,
	author = {Pat Hogan},
	organization= {DEFCON 27},
	eventtitle = {Bad BPF - Warping reality using eBPF},
	url = {https://www.youtube.com/watch?v=g6SKWT7sROQ}
},

@online{ebpf_windows,
	title={eBPF incorporation in the Linux Kernel 3.18},
	date={2014-12-07},
	url={https://kernelnewbies.org/Linux_3.18}
},
@online{ebpf_android,
	title={eBPF for Windows},
	url={https://source.android.com/devices/architecture/kernel/bpf}
},


@article{bpf_bsd_origin,
	title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},
	author={Steven McCanne, Van Jacobson},
	institution={Lawrence Berkeley Laboratory},
	date={1992-12-19},
	url={https://www.tcpdump.org/papers/bpf-usenix93.pdf}
},

@article{bpf_bsd_origin_bpf_page1,
	title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},
	author={Steven McCanne, Van Jacobson},
	institution={Lawrence Berkeley Laboratory},
	date={1992-12-19},
	url={https://www.tcpdump.org/papers/bpf-usenix93.pdf},
	pages={1}
},

@article{bpf_bsd_origin_bpf_page5,
	title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},
	author={Steven McCanne, Van Jacobson},
	institution={Lawrence Berkeley Laboratory},
	date={1992-12-19},
	url={https://www.tcpdump.org/papers/bpf-usenix93.pdf},
	pages={5}
},

@article{bpf_bsd_origin_bpf_page7,
	title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},
	author={Steven McCanne, Van Jacobson},
	institution={Lawrence Berkeley Laboratory},
	date={1992-12-19},
	url={https://www.tcpdump.org/papers/bpf-usenix93.pdf},
	pages={7}
},

@article{bpf_bsd_origin_bpf_page8,
	title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},
	author={Steven McCanne, Van Jacobson},
	institution={Lawrence Berkeley Laboratory},
	date={1992-12-19},
	url={https://www.tcpdump.org/papers/bpf-usenix93.pdf},
	pages={8}
},

@online{ebpf_history_opensource,
	title={An intro to using eBPF to filter packets in the Linux kernel},
	date={2017-08-11},
	url={https://opensource.com/article/17/9/intro-ebpf}
},

@manual{ebpf_io,
	title={eBPF Documentation},
	url={https://ebpf.io/what-is-ebpf/}
},

@manual{index_register,
	title={Index register},
	url={https://gunkies.org/wiki/Index_register}
}

@online{bpf_organicprogrammer_analysis,
	title={Write a Linux packet sniffer from scratch: part two- BPF},
	date={2022-03-28},
	url={https://organicprogrammer.com/2022/03/28/how-to-implement-libpcap-on-linux-with-raw-socket-part2/}
},

@manual{tcpdump_page,
	title={Tcpdump & Libpcap},
	url={https://www.tcpdump.org}
},
Added partial motivation section 2022-05-20 21:20:24 -04:00			`%%INTRODUCTION`

			`@report{ransomware_paloalto,`
			`institution = {Palo Alto Networks},`
			`title = {Ransomware Threat Report 2022},`
			`url = {https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/2022-unit42-ransomware-threat-report-final.pdf}`
			`},`

			`@report{ransomware_pwc,`
			`institution = {PricewaterhouseCoopers},`
			`title = {Cyber Threats 2021: A year in Retrospect},`
			`url = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf}`
			`},`

			`@report{rootkit_ptsecurity,`
			`institution = {Positive Technologies},`
			`title = {Rootkits: evolution and detection methods},`
			`date = {2021-11-03},`
			`url = {https://www.ptsecurity.com/ww-en/analytics/rootkits-evolution-and-detection-methods/}`
Completed motivation 2022-05-20 22:58:33 -04:00			`},`

			`@online{ebpf_linux318,`
			`indextitle={eBPF incorporation in the Linux Kernel 3.18},`
			`date={2014-12-07},`
			`url={https://kernelnewbies.org/Linux_3.18}`
			`},`

			`@report{bvp47_report,`
			`institution = {Pangu Lab},`
			`title = {Bvp47 Top-tier Backdoor of US NSA Equation Group},`
			`date = {2022-02-23},`
			`url = {https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf}`
			`},`

			`@report{bpfdoor_pwc,`
			`institution = {PricewaterhouseCoopers},`
			`title = {Cyber Threats 2021: A year in Retrospect},`
			`url = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf},`
			`pages = {37}`
			`},`

			`@proceedings{ebpf_friends,`
			`institution = {Datadog},`
			`author = {Guillaume Fournier, Sylvain Afchainthe},`
			`organization= {DEFCON 29},`
			`eventtitle = {Cyber Threats 2021: A year in Retrospect},`
			`url = {https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf}`
			`},`

			`@proceedings{evil_ebpf,`
			`institution = {NCC Group},`
			`author = {Jeff Dileo},`
			`organization= {DEFCON 27},`
			`eventtitle = {Evil eBPF Practical Abuses of an In-Kernel Bytecode Runtime},`
			`url = {https://raw.githubusercontent.com/nccgroup/ebpf/master/talks/Evil_eBPF-DC27-v2.pdf}`
			`},`

Went on with the objectives section 2022-05-21 16:56:05 -04:00			`@online{bad_ebpf,`
			`author = {Pat Hogan},`
			`organization= {DEFCON 27},`
			`eventtitle = {Bad BPF - Warping reality using eBPF},`
			`url = {https://www.youtube.com/watch?v=g6SKWT7sROQ}`
			`},`

Completed motivation 2022-05-20 22:58:33 -04:00			`@online{ebpf_windows,`
			`title={eBPF incorporation in the Linux Kernel 3.18},`
			`date={2014-12-07},`
			`url={https://kernelnewbies.org/Linux_3.18}`
			`},`
			`@online{ebpf_android,`
			`title={eBPF for Windows},`
			`url={https://source.android.com/devices/architecture/kernel/bpf}`
Continued with the state of the art section 2022-05-22 08:19:32 -04:00			`},`



			`@article{bpf_bsd_origin,`
			`title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},`
			`author={Steven McCanne, Van Jacobson},`
			`institution={Lawrence Berkeley Laboratory},`
			`date={1992-12-19},`
			`url={https://www.tcpdump.org/papers/bpf-usenix93.pdf}`
Continued with classic bpf explanations 2022-05-22 19:57:47 -04:00			`},`
Continued with the state of the art section 2022-05-22 08:19:32 -04:00
Continued with classic bpf explanations 2022-05-22 19:57:47 -04:00			`@article{bpf_bsd_origin_bpf_page1,`
			`title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},`
Continued with the state of the art section 2022-05-22 08:19:32 -04:00			`author={Steven McCanne, Van Jacobson},`
			`institution={Lawrence Berkeley Laboratory},`
			`date={1992-12-19},`
			`url={https://www.tcpdump.org/papers/bpf-usenix93.pdf},`
Continued with classic bpf explanations 2022-05-22 19:57:47 -04:00			`pages={1}`
			`},`

ALmost completed cbpf explantion 2022-05-23 06:17:21 -04:00			`@article{bpf_bsd_origin_bpf_page5,`
			`title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},`
			`author={Steven McCanne, Van Jacobson},`
			`institution={Lawrence Berkeley Laboratory},`
			`date={1992-12-19},`
			`url={https://www.tcpdump.org/papers/bpf-usenix93.pdf},`
			`pages={5}`
			`},`

			`@article{bpf_bsd_origin_bpf_page7,`
			`title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},`
			`author={Steven McCanne, Van Jacobson},`
			`institution={Lawrence Berkeley Laboratory},`
			`date={1992-12-19},`
			`url={https://www.tcpdump.org/papers/bpf-usenix93.pdf},`
			`pages={7}`
			`},`

			`@article{bpf_bsd_origin_bpf_page8,`
			`title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},`
			`author={Steven McCanne, Van Jacobson},`
			`institution={Lawrence Berkeley Laboratory},`
			`date={1992-12-19},`
			`url={https://www.tcpdump.org/papers/bpf-usenix93.pdf},`
			`pages={8}`
			`},`

Continued with classic bpf explanations 2022-05-22 19:57:47 -04:00			`@online{ebpf_history_opensource,`
			`title={An intro to using eBPF to filter packets in the Linux kernel},`
			`date={2017-08-11},`
			`url={https://opensource.com/article/17/9/intro-ebpf}`
			`},`

			`@manual{ebpf_io,`
			`title={eBPF Documentation},`
			`url={https://ebpf.io/what-is-ebpf/}`
			`},`

			`@manual{index_register,`
			`title={Index register},`
			`url={https://gunkies.org/wiki/Index_register}`
Added partial motivation section 2022-05-20 21:20:24 -04:00			`}`

ALmost completed cbpf explantion 2022-05-23 06:17:21 -04:00			`@online{bpf_organicprogrammer_analysis,`
			`title={Write a Linux packet sniffer from scratch: part two- BPF},`
			`date={2022-03-28},`
			`url={https://organicprogrammer.com/2022/03/28/how-to-implement-libpcap-on-linux-with-raw-socket-part2/}`
Fixed some diagrams 2022-05-23 08:47:39 -04:00			`},`

			`@manual{tcpdump_page,`
			`title={Tcpdump & Libpcap},`
			`url={https://www.tcpdump.org}`
			`},`
ALmost completed cbpf explantion 2022-05-23 06:17:21 -04:00
Completed motivation 2022-05-20 22:58:33 -04:00


Continued with classic bpf explanations 2022-05-22 19:57:47 -04:00