Further advanced with the library injection, almost finished. Multiple enhancements

h3xduck
2022-06-12 22:34:50 -04:00
parent 0aec74e024
commit 71b093141b
33 changed files with 1875 additions and 544 deletions


@@ -46,28 +46,31 @@
\BOOKMARK [1][-]{section.2.9}{ELF\040binaries}{chapter.2}% 46
\BOOKMARK [2][-]{subsection.2.9.1}{The\040ELF\040format\040and\040Lazy\040Binding}{section.2.9}% 47
\BOOKMARK [2][-]{subsection.2.9.2}{Hardening\040ELF\040binaries}{section.2.9}% 48
\BOOKMARK [0][-]{chapter.3}{Analysis\040of\040offensive\040capabilities}{}% 49
\BOOKMARK [1][-]{section.3.1}{eBPF\040maps\040security}{chapter.3}% 50
\BOOKMARK [1][-]{section.3.2}{Abusing\040tracing\040programs}{chapter.3}% 51
\BOOKMARK [2][-]{subsection.3.2.1}{Access\040to\040function\040arguments}{section.3.2}% 52
\BOOKMARK [2][-]{subsection.3.2.2}{Reading\040memory\040out\040of\040bounds}{section.3.2}% 53
\BOOKMARK [2][-]{subsection.3.2.3}{Overriding\040function\040return\040values}{section.3.2}% 54
\BOOKMARK [2][-]{subsection.3.2.4}{Sending\040signals\040to\040user\040programs}{section.3.2}% 55
\BOOKMARK [2][-]{subsection.3.2.5}{Takeaways}{section.3.2}% 56
\BOOKMARK [1][-]{section.3.3}{Memory\040corruption}{chapter.3}% 57
\BOOKMARK [2][-]{subsection.3.3.1}{Attacks\040and\040limitations\040of\040bpf_probe_write_user\(\)}{section.3.3}% 58
\BOOKMARK [2][-]{subsection.3.3.2}{Takeaways}{section.3.3}% 59
\BOOKMARK [1][-]{section.3.4}{Abusing\040networking\040programs}{chapter.3}% 60
\BOOKMARK [2][-]{subsection.3.4.1}{Attacks\040and\040limitations\040of\040networking\040programs}{section.3.4}% 61
\BOOKMARK [2][-]{subsection.3.4.2}{Takeaways}{section.3.4}% 62
\BOOKMARK [0][-]{chapter.4}{Design\040of\040a\040malicious\040eBPF\040rootkit}{}% 63
\BOOKMARK [1][-]{section.4.1}{Rootkit\040architecture}{chapter.4}% 64
\BOOKMARK [1][-]{section.4.2}{Library\040injection\040attacks}{chapter.4}% 65
\BOOKMARK [2][-]{subsection.4.2.1}{ROP\040with\040eBPF}{section.4.2}% 66
\BOOKMARK [2][-]{subsection.4.2.2}{Bypassing\040hardening\040features\040in\040ELFs}{section.4.2}% 67
\BOOKMARK [2][-]{subsection.4.2.3}{Library\040injection\040via\040GOT\040hijacking}{section.4.2}% 68
\BOOKMARK [0][-]{chapter.5}{Evaluation}{}% 69
\BOOKMARK [1][-]{section.5.1}{Developed\040capabilities}{chapter.5}% 70
\BOOKMARK [1][-]{section.5.2}{Rootkit\040use\040cases}{chapter.5}% 71
\BOOKMARK [0][-]{chapter.6}{Related\040work}{}% 72
\BOOKMARK [0][-]{chapter.6}{Bibliography}{}% 73
\BOOKMARK [1][-]{section.2.10}{The\040proc\040filesystem}{chapter.2}% 49
\BOOKMARK [2][-]{subsection.2.10.1}{/proc/<pid>/maps}{section.2.10}% 50
\BOOKMARK [2][-]{subsection.2.10.2}{/proc/<pid>/mem}{section.2.10}% 51
\BOOKMARK [0][-]{chapter.3}{Analysis\040of\040offensive\040capabilities}{}% 52
\BOOKMARK [1][-]{section.3.1}{eBPF\040maps\040security}{chapter.3}% 53
\BOOKMARK [1][-]{section.3.2}{Abusing\040tracing\040programs}{chapter.3}% 54
\BOOKMARK [2][-]{subsection.3.2.1}{Access\040to\040function\040arguments}{section.3.2}% 55
\BOOKMARK [2][-]{subsection.3.2.2}{Reading\040memory\040out\040of\040bounds}{section.3.2}% 56
\BOOKMARK [2][-]{subsection.3.2.3}{Overriding\040function\040return\040values}{section.3.2}% 57
\BOOKMARK [2][-]{subsection.3.2.4}{Sending\040signals\040to\040user\040programs}{section.3.2}% 58
\BOOKMARK [2][-]{subsection.3.2.5}{Takeaways}{section.3.2}% 59
\BOOKMARK [1][-]{section.3.3}{Memory\040corruption}{chapter.3}% 60
\BOOKMARK [2][-]{subsection.3.3.1}{Attacks\040and\040limitations\040of\040bpf_probe_write_user\(\)}{section.3.3}% 61
\BOOKMARK [2][-]{subsection.3.3.2}{Takeaways}{section.3.3}% 62
\BOOKMARK [1][-]{section.3.4}{Abusing\040networking\040programs}{chapter.3}% 63
\BOOKMARK [2][-]{subsection.3.4.1}{Attacks\040and\040limitations\040of\040networking\040programs}{section.3.4}% 64
\BOOKMARK [2][-]{subsection.3.4.2}{Takeaways}{section.3.4}% 65
\BOOKMARK [0][-]{chapter.4}{Design\040of\040a\040malicious\040eBPF\040rootkit}{}% 66
\BOOKMARK [1][-]{section.4.1}{Rootkit\040architecture}{chapter.4}% 67
\BOOKMARK [1][-]{section.4.2}{Library\040injection\040module}{chapter.4}% 68
\BOOKMARK [2][-]{subsection.4.2.1}{ROP\040with\040eBPF}{section.4.2}% 69
\BOOKMARK [2][-]{subsection.4.2.2}{Bypassing\040hardening\040features\040in\040ELFs}{section.4.2}% 70
\BOOKMARK [2][-]{subsection.4.2.3}{Library\040injection\040via\040GOT\040hijacking}{section.4.2}% 71
\BOOKMARK [0][-]{chapter.5}{Evaluation}{}% 72
\BOOKMARK [1][-]{section.5.1}{Developed\040capabilities}{chapter.5}% 73
\BOOKMARK [1][-]{section.5.2}{Rootkit\040use\040cases}{chapter.5}% 74
\BOOKMARK [0][-]{chapter.6}{Related\040work}{}% 75
\BOOKMARK [0][-]{chapter.6}{Bibliography}{}% 76