%%INTRODUCTION
% Palo Alto Networks ransomware threat report (vendor PDF).
% NOTE(review): no author, type or date field is recorded for this report;
% add the publication date and a urldate when the link is next verified.
@report{ransomware_paloalto,
    institution = {Palo Alto Networks},
    title       = {Ransomware Threat Report 2022},
    url         = {https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/2022-unit42-ransomware-threat-report-final.pdf},
}
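% PwC annual threat-intelligence report, cited as a whole.
% The title capitalisation is fixed ("Year"). bpfdoor_pwc points at the same
% url and differs only by its pages field, so the two keys print as two
% separate bibliography items.
% NOTE(review): no date or urldate is recorded; add them when the link is verified.
@report{ransomware_pwc,
    institution = {PricewaterhouseCoopers},
    title       = {Cyber Threats 2021: A Year in Retrospect},
    url         = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf},
}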
% Positive Technologies analytics article on rootkit evolution and detection.
% The url is a live web page rather than a fixed document; a urldate would
% record which revision was read.
@report{rootkit_ptsecurity,
    institution = {Positive Technologies},
    title       = {Rootkits: evolution and detection methods},
    date        = {2021-11-03},
    url         = {https://www.ptsecurity.com/ww-en/analytics/rootkits-evolution-and-detection-methods/},
}
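% Kernel Newbies release notes for Linux 3.18, cited for the release that
% introduced eBPF.
% The heading is stored in title: indextitle only overrides how a title is
% indexed, so an online entry that sets indextitle alone has no printed title.
@online{ebpf_linux318,
    title = {eBPF incorporation in the Linux Kernel 3.18},
    date  = {2014-12-07},
    url   = {https://kernelnewbies.org/Linux_3.18},
}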
% Pangu Lab technical report on the Bvp47 backdoor (English PDF).
% NOTE(review): the attribution in the title is the publisher's own claim;
% the entry reproduces the title as given.
@report{bvp47_report,
    institution = {Pangu Lab},
    title       = {Bvp47 Top-tier Backdoor of US NSA Equation Group},
    date        = {2022-02-23},
    url         = {https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf},
}
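% Page 37 of the PwC report, kept under its own key for the BPFDoor citation.
% Same document and url as ransomware_pwc; the title capitalisation is fixed
% ("Year").
% NOTE(review): a page postnote on the ransomware_pwc citation would avoid
% listing the same report twice in the bibliography.
@report{bpfdoor_pwc,
    institution = {PricewaterhouseCoopers},
    title       = {Cyber Threats 2021: A Year in Retrospect},
    url         = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf},
    pages       = {37},
}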
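% DEF CON 29 talk slides by Datadog researchers.
% Fixes relative to the earlier form of this entry:
%  - names are joined with "and"; a comma-separated list is parsed as one name
%  - speaker names and talk title follow the file name in the url; the old
%    eventtitle held the PwC report title (copy-paste) and the second surname
%    was misspelled
%  - the entry is typed inproceedings because the proceedings type describes a
%    whole volume and does not print author; the conference name moves from
%    organization to booktitle
% institution is kept as an affiliation note; standard styles are not expected
% to print it for this type.
@inproceedings{ebpf_friends,
    author      = {Fournier, Guillaume and Afchain, Sylvain and Baubeau, Sylvain},
    title       = {eBPF, I thought we were friends},
    booktitle   = {DEF CON 29},
    institution = {Datadog},
    url         = {https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf},
}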
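% DEF CON 27 talk slides by NCC Group.
% The entry is typed inproceedings because the proceedings type describes a
% whole volume and does not print author. The talk title moves from eventtitle
% to title and the conference name from organization to booktitle.
% institution is kept as an affiliation note.
% NOTE(review): the url tracks the master branch of the repository, so the PDF
% behind it can change; record a urldate or cite a fixed revision.
@inproceedings{evil_ebpf,
    author      = {Dileo, Jeff},
    title       = {Evil eBPF Practical Abuses of an In-Kernel Bytecode Runtime},
    booktitle   = {DEF CON 27},
    institution = {NCC Group},
    url         = {https://raw.githubusercontent.com/nccgroup/ebpf/master/talks/Evil_eBPF-DC27-v2.pdf},
}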
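% Recorded conference talk (video).
% The talk title is stored in title: the online type requires title, and
% eventtitle is meant for the name of the event, not of the talk.
% NOTE(review): organization has the same value as in evil_ebpf and may have
% been copied from it; confirm the DEF CON edition against the video page.
@online{bad_ebpf,
    author       = {Hogan, Pat},
    title        = {Bad BPF - Warping reality using eBPF},
    organization = {DEFCON 27},
    url          = {https://www.youtube.com/watch?v=g6SKWT7sROQ},
}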
% NOTE(review): despite the key, title, date and url here repeat the Linux 3.18
% data of ebpf_linux318; the Windows reference was apparently never filled in.
% Citing this key currently prints the Linux 3.18 release notes. Replace all
% three fields with the intended eBPF for Windows source.
@online{ebpf_windows,
    title = {eBPF incorporation in the Linux Kernel 3.18},
    date  = {2014-12-07},
    url   = {https://kernelnewbies.org/Linux_3.18},
}
% NOTE(review): the title reads "eBPF for Windows" while the key and url refer
% to the Android kernel BPF documentation; the title looks carried over from
% the ebpf_windows entry. Confirm the page heading and correct the title.
% No date or urldate is recorded for this living documentation page.
@online{ebpf_android,
    title = {eBPF for Windows},
    url   = {https://source.android.com/devices/architecture/kernel/bpf},
}
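% Original BSD Packet Filter paper by McCanne and Jacobson.
% Author names are joined with "and"; the comma-separated form is parsed as a
% single name.
% NOTE(review): the article type expects a journaltitle, which is missing, and
% the url file name (bpf-usenix93) suggests a USENIX conference paper; confirm
% the venue and consider the inproceedings type with a booktitle.
@article{bpf_bsd_origin,
    title       = {The BSD Packet Filter: A New Architecture for User-level Packet Capture},
    author      = {McCanne, Steven and Jacobson, Van},
    institution = {Lawrence Berkeley Laboratory},
    date        = {1992-12-19},
    url         = {https://www.tcpdump.org/papers/bpf-usenix93.pdf},
}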
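% Page 2 of the BSD Packet Filter paper (same url as bpf_bsd_origin), kept
% under its own key.
% Author names are joined with "and"; the comma-separated form is parsed as a
% single name.
% NOTE(review): there is no title field, so this entry prints without one;
% a page postnote on the bpf_bsd_origin citation would avoid the second entry.
@misc{bpf_bsd_origin_bpf_scheme,
    author      = {McCanne, Steven and Jacobson, Van},
    institution = {Lawrence Berkeley Laboratory},
    date        = {1992-12-19},
    url         = {https://www.tcpdump.org/papers/bpf-usenix93.pdf},
    pages       = {2},
}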