mirror of
https://github.com/h3xduck/TripleCross.git
synced 2025-12-17 07:33:07 +08:00
Completed the objectives section. Skipping the rest of the chapter
This commit is contained in:
h3xduck
@@ -48,22 +48,22 @@
|
||||
\abx@aux@cite{ebpf_friends}
|
||||
\abx@aux@segm{0}{0}{ebpf_friends}
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.2}Project objectives}{3}{section.1.2}\protected@file@percent }
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.3}Regulatory framework}{3}{section.1.3}\protected@file@percent }
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {1.3.1}Social and economic environment}{3}{subsection.1.3.1}\protected@file@percent }
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {1.3.2}Budget}{3}{subsection.1.3.2}\protected@file@percent }
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {2}State of the Art}{4}{chapter.2}\protected@file@percent }
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.3}Regulatory framework}{4}{section.1.3}\protected@file@percent }
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {1.3.1}Social and economic environment}{4}{subsection.1.3.1}\protected@file@percent }
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {1.3.2}Budget}{4}{subsection.1.3.2}\protected@file@percent }
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {2}State of the Art}{5}{chapter.2}\protected@file@percent }
|
||||
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
|
||||
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {3}Methods??}{5}{chapter.3}\protected@file@percent }
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {3}Methods??}{6}{chapter.3}\protected@file@percent }
|
||||
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
|
||||
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {4}Results}{6}{chapter.4}\protected@file@percent }
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {4}Results}{7}{chapter.4}\protected@file@percent }
|
||||
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
|
||||
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {5}Conclusion and future work}{7}{chapter.5}\protected@file@percent }
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {5}Conclusion and future work}{8}{chapter.5}\protected@file@percent }
|
||||
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
|
||||
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{8}{chapter.5}\protected@file@percent }
|
||||
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{9}{chapter.5}\protected@file@percent }
|
||||
\abx@aux@read@bbl@mdfivesum{D747C591A940D097CD0716131C9FB28E}
|
||||
\abx@aux@refcontextdefaultsdone
|
||||
\abx@aux@defaultrefcontext{0}{ransomware_pwc}{none/global//global/global}
|
||||
@@ -77,4 +77,4 @@
|
||||
\abx@aux@defaultrefcontext{0}{bad_ebpf}{none/global//global/global}
|
||||
\abx@aux@defaultrefcontext{0}{ebpf_friends}{none/global//global/global}
|
||||
\ttl@finishall
|
||||
\gdef \@abspage@last{24}
|
||||
\gdef \@abspage@last{25}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27) 21 MAY 2022 16:55
|
||||
This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27) 21 MAY 2022 19:43
|
||||
entering extended mode
|
||||
restricted \write18 enabled.
|
||||
%&-line parsing enabled.
|
||||
@@ -1172,64 +1172,70 @@ File: ts1txr.fd 2000/12/15 v3.1
|
||||
) [1
|
||||
|
||||
|
||||
] [2] [3]
|
||||
Chapter 2.
|
||||
[4
|
||||
] [2]
|
||||
Overfull \hbox (0.50073pt too wide) in paragraph at lines 353--354
|
||||
[]\T1/txr/m/n/12 Subsequent talks on 2021 by Pat Hogan at DE-F-CON 29[[][]9[][]
|
||||
], and by Guil-laume Fournier
|
||||
[]
|
||||
|
||||
]
|
||||
Chapter 3.
|
||||
[3] [4]
|
||||
Chapter 2.
|
||||
[5
|
||||
|
||||
]
|
||||
Chapter 4.
|
||||
Chapter 3.
|
||||
[6
|
||||
|
||||
]
|
||||
Chapter 5.
|
||||
Chapter 4.
|
||||
[7
|
||||
|
||||
]
|
||||
LaTeX Font Info: Trying to load font information for T1+txtt on input line 3
|
||||
89.
|
||||
Chapter 5.
|
||||
[8
|
||||
|
||||
]
|
||||
LaTeX Font Info: Trying to load font information for T1+txtt on input line 4
|
||||
11.
|
||||
(/usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txtt.fd
|
||||
File: t1txtt.fd 2000/12/15 v3.1
|
||||
)
|
||||
LaTeX Font Info: Trying to load font information for OT1+txr on input line 3
|
||||
89.
|
||||
LaTeX Font Info: Trying to load font information for OT1+txr on input line 4
|
||||
11.
|
||||
|
||||
(/usr/share/texlive/texmf-dist/tex/latex/txfonts/ot1txr.fd
|
||||
File: ot1txr.fd 2000/12/15 v3.1
|
||||
)
|
||||
LaTeX Font Info: Trying to load font information for U+txsya on input line 3
|
||||
89.
|
||||
LaTeX Font Info: Trying to load font information for U+txsya on input line 4
|
||||
11.
|
||||
|
||||
(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsya.fd
|
||||
File: utxsya.fd 2000/12/15 v3.1
|
||||
)
|
||||
LaTeX Font Info: Trying to load font information for U+txsyb on input line 3
|
||||
89.
|
||||
LaTeX Font Info: Trying to load font information for U+txsyb on input line 4
|
||||
11.
|
||||
|
||||
(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyb.fd
|
||||
File: utxsyb.fd 2000/12/15 v3.1
|
||||
)
|
||||
LaTeX Font Info: Trying to load font information for U+txmia on input line 3
|
||||
89.
|
||||
LaTeX Font Info: Trying to load font information for U+txmia on input line 4
|
||||
11.
|
||||
|
||||
(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxmia.fd
|
||||
File: utxmia.fd 2000/12/15 v3.1
|
||||
)
|
||||
LaTeX Font Info: Trying to load font information for U+txsyc on input line 3
|
||||
89.
|
||||
LaTeX Font Info: Trying to load font information for U+txsyc on input line 4
|
||||
11.
|
||||
|
||||
(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyc.fd
|
||||
File: utxsyc.fd 2000/12/15 v3.1
|
||||
)
|
||||
Overfull \hbox (5.34976pt too wide) in paragraph at lines 390--390
|
||||
Overfull \hbox (5.34976pt too wide) in paragraph at lines 412--412
|
||||
\T1/txtt/m/n/12 threat -[] intelligence / cyber -[] year -[] in -[] retrospect
|
||||
/ yir -[] cyber -[] threats -[]
|
||||
[]
|
||||
|
||||
[8
|
||||
[9
|
||||
|
||||
|
||||
] [1
|
||||
@@ -1247,7 +1253,7 @@ pdfTeX warning (ext4): destination with the same identifier (name{page.}) has b
|
||||
een already used, duplicate ignored
|
||||
<to be read again>
|
||||
\relax
|
||||
l.406 \end{document}
|
||||
l.428 \end{document}
|
||||
[2
|
||||
|
||||
] (./document.aux)
|
||||
@@ -1258,8 +1264,8 @@ Package logreq Info: Writing requests to 'document.run.xml'.
|
||||
|
||||
)
|
||||
Here is how much of TeX's memory you used:
|
||||
27171 strings out of 481209
|
||||
430760 string characters out of 5914747
|
||||
27172 strings out of 481209
|
||||
430766 string characters out of 5914747
|
||||
1166131 words of memory out of 5000000
|
||||
43656 multiletter control sequences out of 15000+600000
|
||||
444100 words of font info for 89 fonts, out of 8000000 for 9000
|
||||
@@ -1273,9 +1279,9 @@ tic/uhvb8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/helvetic/uhvr8a.p
|
||||
fb></usr/share/texlive/texmf-dist/fonts/type1/urw/helvetic/uhvr8a.pfb></usr/sha
|
||||
re/texlive/texmf-dist/fonts/type1/urw/times/utmb8a.pfb></usr/share/texlive/texm
|
||||
f-dist/fonts/type1/urw/times/utmr8a.pfb>
|
||||
Output written on document.pdf (24 pages, 161550 bytes).
|
||||
Output written on document.pdf (25 pages, 163459 bytes).
|
||||
PDF statistics:
|
||||
280 PDF objects out of 1000 (max. 8388607)
|
||||
49 named destinations out of 1000 (max. 500000)
|
||||
285 PDF objects out of 1000 (max. 8388607)
|
||||
50 named destinations out of 1000 (max. 500000)
|
||||
111 words of extra memory for PDF output out of 10000 (max. 10000000)
|
||||
|
||||
|
||||
Binary file not shown.
Binary file not shown.
@@ -319,13 +319,14 @@ hmargin=3cm
|
||||
|
||||
As the efforts of the computer security community grow to protect increasingly critical devices and networks from malware infections, so do the techniques used by malicious actors become more sophisticated. Following the incorporation of ever more capable firewalls and Intrusion Detection Systems (IDS), cybercriminals have in turn sought novel attack vectors and exploits in common software, taking advantage of an inevitably larger attack surface that keeps growing due to the continued incorporation of new programs and functionalities into modern computer systems.
|
||||
|
||||
In contrast with ransomware incidents, which remained the most significant and common cyber threat faced by organizations on 2021\cite{ransomware_pwc}, another powerful class of malware called rootkits is found considerably more infrequently, yet it is usually associated to high-profile targeted attacks that lead to greatly impactful consequences.
|
||||
In contrast with ransomware incidents, which remained the most significant and common cyber threat faced by organizations on 2021\cite{ransomware_pwc}, a powerful class of malware called rootkits is found considerably more infrequently, yet it is usually associated to high-profile targeted attacks that lead to greatly impactful consequences.
|
||||
|
||||
A rootkit is a piece of computer software characterized for its advanced stealth capabilities. Once it is installed on a system it remains invisible to the host, usually hiding its related processes and files from the user, while at the same time performing the malicious operations for which it was designed. Common operations include storing keystrokes, sniffing network traffic, exfiltrating sensitive information from the user or the system, or actively modifying critical data at the infected device. The other characteristic functionality is that rootkits seek to achieve persistence on the infected hosts, meaning that they keep running on the system even after a system reboot, without further user interaction or the need of a new compromise.
|
||||
The techniques used for achieving both of these functionalities depend on the type of rootkit developed, a classification usually made depending on the level of privileges on which the rootkit operates in the system.
|
||||
|
||||
\begin{itemize}
|
||||
\item \textbf{User-mode} rootkits run at the same level of privilege as common user applications. They usually work by hijacking legitimate processes on which they may inject code by preloading shared libraries, thus modifying the calls issued to user APIs, on which malicious code is placed by the rootkit. Although easier to build, these rootkits are exposed to detection by common anti-malware programs.
|
||||
%I am mentioning the kernel panic part because that could be considered an advantage for eBPF, there is less worry about crashing the system
|
||||
\item \textbf{Kernel-mode} rootkits run at the same level of privilege as the operating system, thus enjoying unrestricted access to the whole computer. These rootkits usually come as kernel modules or device drivers and, once loaded, they reside in the kernel. This implies that special attention must be taken to avoid programming errors since they could potentially corrupt user or kernel memory, resulting in a fatal kernel panic and a subsequent system reboot, which goes against the original purpose of maintaining stealth.
|
||||
|
||||
Common techniques used for the development of their malicious activities include hooking system calls made to the kernel by user applications (on which malicious code is then injected), or modifying data structures in the kernel to change the data of user programs at runtime. Therefore, trusted programs on an infected machine can no longer be trusted to operate securely.
|
||||
@@ -338,27 +339,48 @@ Historically, kernel-mode rootkits have been tightly associated with espionage a
|
||||
%Yes, I am not mentioning that eBPF comes from "Extended Berkeley Packet %Filters here since apparently it is no longer considered an acronym, we'll %tackle that on the history section
|
||||
eBPF is a technology incorporated in the 3.18 version of the Linux kernel\cite{ebpf_linux318}, which provides the possibility of running code in the kernel without the need of loading a kernel module. Programs are created in a restrictive version of the C language and compiled into eBPF bytecode, which is loaded into the kernel via a new bpf() system call. After a mandatory step of verification by the kernel in which the code is checked to be safe to run, the bytecode is compiled into native machine instructions. These programs can then get access to kernel-exclusive functionalities including network traffic filtering, system calls hooking or tracing.
|
||||
|
||||
Although eBPF has built an outstanding environment for the creation of networking and tracing tools, its ability to run kernel programs without the need to load a kernel module has attracted the attention of multiple APTs. On February 2022, the Chinese security team Pangu Lab reported about a NSA backdoor that remained unnoticed since 2013 that uses eBPF for its networking functionality and that infected military and telecommunications systems worldwide\cite{bvp47_report}. Also on 2022, PwC reports about a China-based threat actor that has targeted telecommunications systems with a eBPF-based backdoor\cite{bpfdoor_pwc}.
|
||||
Although eBPF has built an outstanding environment for the creation of networking and tracing tools, its ability to run kernel programs without the need to load a kernel module has attracted the attention of multiple APTs. On February 2022, the Chinese security team Pangu Lab reported about a NSA backdoor that remained unnoticed since 2013 that used eBPF for its networking functionality and that infected military and telecommunications systems worldwide\cite{bvp47_report}. Also on 2022, PwC reports about a China-based threat actor that has targeted telecommunications systems with a eBPF-based backdoor\cite{bpfdoor_pwc}.
|
||||
|
||||
Moreover, there currently exists official efforts to extend the eBPF technology into Windows\cite{ebpf_windows} and Android systems\cite{ebpf_android}, which spreads the mentioned risks to new platforms. Therefore, we can confidently claim that there is a growing interest on researching the capabilities of eBPF in the context of offensive security, in particular given its potential on becoming a common component found of modern rootkits. This knowledge would be valuable to the computer security community, both in the context of pen-testing and for analysts which need to know about the latest trends in malware to prepare their defences.
|
||||
|
||||
|
||||
\section{Project objectives}
|
||||
The main objective of this project is to compile a comprehensive report of the capabilities in the eBPF technology that could be weaponized by a malicious actor. In particular, we will be focusing on functionalities present in the Linux platform, given the maturity of eBPF on these environments and which therefore offers a wider range of possibilities. We will be approaching this study from a threat actor perspective, meaning that we will develop an eBPF-based rootkit which shows these capabilities live in a current Linux system, including simple proof of concepts (PoC) showing an specific feature, but also by building a realistic rootkit system which weaponizes these PoCs and operates malicious activities.
|
||||
The main objective of this project is to compile a comprehensive report of the capabilities in the eBPF technology that could be weaponized by a malicious actor. In particular, we will be focusing on functionalities present in the Linux platform, given the maturity of eBPF on these environments and which therefore offers a wider range of possibilities. We will be approaching this study from the perspective of a threat actor, meaning that we will develop an eBPF-based rootkit which shows these capabilities live in a current Linux system, including proof of concepts (PoC) showing an specific feature, and also by building a realistic rootkit system which weaponizes these PoCs and operates malicious activities.
|
||||
|
||||
%According to the library guide, previous research should be around here. %Is it the best place tho?
|
||||
Before narrowing down our objectives and selecting an specific list of rootkit capabilities to emulate using eBPF, we need to take into account previous research. The work on this matter by Jeff Dileo from NCC Group at DEFCON 27\cite{evil_ebpf} is particularly relevant, setting the first basis of eBPF ability to overwrite userland data, highlighting the possibility of overwriting the memory of a running process and executing arbitrary code on it.
|
||||
Before narrowing down our objectives and selecting an specific list of rootkit capabilities to emulate using eBPF, we needed to consider previous research. The work on this matter by Jeff Dileo from NCC Group at DEFCON 27\cite{evil_ebpf} is particularly relevant, setting the first basis of eBPF ability to overwrite userland data, highlighting the possibility of overwriting the memory of a running process and executing arbitrary code on it.
|
||||
|
||||
Subsequent talks on 2021 by Pat Hogan at DEFCON 29\cite{bad_ebpf} and by Guillaume Fournier and Sylvain Afchainthe from Datadog at DEFCON 29\cite{ebpf_friends} research deeper on eBPF's ability to behave like a rootkit. In particular, Hogan shows how eBPF can be used to hide the rootkit's presence from the user and to modify data at system calls, whilst Fournier and Afchainthe built the first instance of a backdoor with command-and-control(C2) capabilities, enabling to communicate with the malicious eBPF program by sending network packets to the compromised machine.
|
||||
Subsequent talks on 2021 by Pat Hogan at DEFCON 29\cite{bad_ebpf}, and by Guillaume Fournier and Sylvain Afchainthe from Datadog at DEFCON 29\cite{ebpf_friends}, research deeper on eBPF's ability to behave like a rootkit. In particular, Hogan shows how eBPF can be used to hide the rootkit's presence from the user and to modify data at system calls, whilst Fournier and Afchainthe built the first instance of an eBPF-based backdoor with command-and-control(C2) capabilities, enabling to communicate with the malicious eBPF program by sending network packets to the compromised machine.
|
||||
|
||||
Taking the previous research into account, and on the basis of common functionality usually we described to be usually incorporated at rootkits, the objectives of our research on eBPF is set to be on the following topics:
|
||||
Taking the previous research into account, and on the basis of common functionality we described to be usually incorporated at rootkits, the objectives of our research on eBPF is set to be on the following topics:
|
||||
\begin{itemize}
|
||||
\item Learning eBPF's potential to read/write arbitrary memory.
|
||||
\item Exploring networking capabilities with eBPF packet filters.
|
||||
\item Analysing eBPF's possibilities when hooking system calls and kernel functions.
|
||||
\end{itemize}
|
||||
|
||||
The knowledge gathered by the previous three pillars will be then used as a basis for building our rootkit. We will present different attack vectors and techniques than the ones presented in previous research, although inevitably we will also tackle common points, which will be clearly indicated and on which we will try to perform further research. In essence, our eBPF-based rootkit aims at:
|
||||
\begin{itemize}
|
||||
\item Hijacking the execution of user programs while they are running, injecting libraries and executing malicious code, without impacting their normal execution.
|
||||
\item Featuring a command-and-control module powered by a network backdoor, which can be operated from a remote client. This backdoor should be controlled with stealth in mind, featuring similar mechanisms to those present in rootkits found in the wild.
|
||||
\item Tampering with user data at system calls, resulting in running malware-like programs and for other malicious purposes.
|
||||
\item Achieving stealth, hiding rootkit-related files from the user.
|
||||
\item Achieving rootkit persistence, the rootkit should run after a complete system reboot.
|
||||
\
|
||||
\end{itemize}
|
||||
|
||||
\section{Regulatory framework}
|
||||
%MARCOS-> Is this the appropiate place? Looking at other TFGs it is sometimes here and others in a final chapter
|
||||
|
||||
%TODO - Leaving this for the end
|
||||
|
||||
\subsection{Social and economic environment}
|
||||
%M-> Mentioned talking about community outreach and its role under pentesting
|
||||
|
||||
%TODO - Leaving this for the end
|
||||
|
||||
\subsection{Budget}
|
||||
%TODO - Leaving this for the end
|
||||
|
||||
|
||||
\chapter{State of the Art}
|
||||
|
||||
@@ -7,19 +7,19 @@
|
||||
\defcounter {refsection}{0}\relax
|
||||
\contentsline {section}{\numberline {1.2}Project objectives}{3}{section.1.2}%
|
||||
\defcounter {refsection}{0}\relax
|
||||
\contentsline {section}{\numberline {1.3}Regulatory framework}{3}{section.1.3}%
|
||||
\contentsline {section}{\numberline {1.3}Regulatory framework}{4}{section.1.3}%
|
||||
\defcounter {refsection}{0}\relax
|
||||
\contentsline {subsection}{\numberline {1.3.1}Social and economic environment}{3}{subsection.1.3.1}%
|
||||
\contentsline {subsection}{\numberline {1.3.1}Social and economic environment}{4}{subsection.1.3.1}%
|
||||
\defcounter {refsection}{0}\relax
|
||||
\contentsline {subsection}{\numberline {1.3.2}Budget}{3}{subsection.1.3.2}%
|
||||
\contentsline {subsection}{\numberline {1.3.2}Budget}{4}{subsection.1.3.2}%
|
||||
\defcounter {refsection}{0}\relax
|
||||
\contentsline {chapter}{\numberline {2}State of the Art}{4}{chapter.2}%
|
||||
\contentsline {chapter}{\numberline {2}State of the Art}{5}{chapter.2}%
|
||||
\defcounter {refsection}{0}\relax
|
||||
\contentsline {chapter}{\numberline {3}Methods??}{5}{chapter.3}%
|
||||
\contentsline {chapter}{\numberline {3}Methods??}{6}{chapter.3}%
|
||||
\defcounter {refsection}{0}\relax
|
||||
\contentsline {chapter}{\numberline {4}Results}{6}{chapter.4}%
|
||||
\contentsline {chapter}{\numberline {4}Results}{7}{chapter.4}%
|
||||
\defcounter {refsection}{0}\relax
|
||||
\contentsline {chapter}{\numberline {5}Conclusion and future work}{7}{chapter.5}%
|
||||
\contentsline {chapter}{\numberline {5}Conclusion and future work}{8}{chapter.5}%
|
||||
\defcounter {refsection}{0}\relax
|
||||
\contentsline {chapter}{Bibliography}{8}{chapter.5}%
|
||||
\contentsline {chapter}{Bibliography}{9}{chapter.5}%
|
||||
\contentsfinish
|
||||
|
||||
@@ -73,15 +73,15 @@
|
||||
</rdf:Description>
|
||||
<rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/">
|
||||
<xmp:CreatorTool>LaTeX with hyperref</xmp:CreatorTool>
|
||||
<xmp:ModifyDate>2022-05-21T16:55:20-04:00</xmp:ModifyDate>
|
||||
<xmp:CreateDate>2022-05-21T16:55:20-04:00</xmp:CreateDate>
|
||||
<xmp:MetadataDate>2022-05-21T16:55:20-04:00</xmp:MetadataDate>
|
||||
<xmp:ModifyDate>2022-05-21T19:43:12-04:00</xmp:ModifyDate>
|
||||
<xmp:CreateDate>2022-05-21T19:43:12-04:00</xmp:CreateDate>
|
||||
<xmp:MetadataDate>2022-05-21T19:43:12-04:00</xmp:MetadataDate>
|
||||
</rdf:Description>
|
||||
<rdf:Description rdf:about="" xmlns:xmpRights = "http://ns.adobe.com/xap/1.0/rights/">
|
||||
</rdf:Description>
|
||||
<rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/">
|
||||
<xmpMM:DocumentID>uuid:467B87E0-A1EA-A037-7CB7-0477245DEBC3</xmpMM:DocumentID>
|
||||
<xmpMM:InstanceID>uuid:359875B8-13BC-D4EA-AE90-1C5D9D70EC50</xmpMM:InstanceID>
|
||||
<xmpMM:InstanceID>uuid:7491DB15-2A47-CCF9-0B6E-0E86EE0645C2</xmpMM:InstanceID>
|
||||
</rdf:Description>
|
||||
</rdf:RDF>
|
||||
</x:xmpmeta>
|
||||
|
||||
Reference in New Issue
Block a user