Added new rootkit overall diagram for architecture section

2025-12-16 23:33:06 +08:00 · 2022-06-11 22:20:27 -04:00
parent d7a9b0e777
commit c14b407644
11 changed files with 262 additions and 241 deletions
--- a/docs/chapters/chapter4.tex
+++ b/docs/chapters/chapter4.tex
@@ -1,18 +1,26 @@
 \chapter{Design of a malicious eBPF rootkit}
-In the previous chapter, we discussed the functionality of eBPF programs from a security standpoint, detailing which helpers and program types are particularly useful for developing malicious programs, and analysing some techniques (stack scanning, overwriting packets together with TCP retransmissions) which helps us circumvent some of the restrictions of eBPF and find new attack vectors.
+In the previous chapter, we discussed the capabilities of eBPF programs from a security standpoint, detailing which helpers and program types are particularly useful for developing malicious programs, and analysing some techniques (stack scanning, overwriting packets together with TCP retransmissions) which helps us circumvent some of the limitations of eBPF.

-Taking as a basis these capabilities, this chapter is now dedicated to a comprehensive description of the advanced techniques and functionalities implemented in our eBPF rootkit, which show how these capabilities can lead to the creation of a real malicious application. As we mentioned during the project objectives, our goals for our rootkit include the following:
+Taking as a basis these capabilities, this chapter is now dedicated to a comprehensive description of our rootkit, including the techniques and functionalities implemented, thus showing how these capabilities can lead to the creation of a real malicious application. As we mentioned during the project objectives, our goals for our rootkit include the following:
 \begin{itemize}
 \item Hijacking the execution of user programs while they are running, injecting libraries and executing malicious code, without impacting their normal execution.
 \item Featuring a command-and-control module powered by a network backdoor, which can be operated from a remote client. This backdoor should be controlled with stealth in mind, featuring similar mechanisms to those present in rootkits found in the wild.
 \item Tampering with user data at system calls, resulting in running malware-like programs and for other malicious purposes.
 \item Achieving stealth, hiding rootkit-related files from the user.
 \item Achieving rootkit persistence, the rootkit should run after a complete system reboot.
-
 \end{itemize}
-%TODO maybe this is the place to mention that, on top of those, explaining some of the DEFCON techniques will be done too. Im particular interested on the one of hiding the kernel log message of bpf_probe_write_user and on ROP.

-We will be exploring each functionality individually, presenting the necessary background on each of them, and offering a final comprehensive view on how each of the systems work.
+We will firstly present an overview on the rootkit architecture and design. Afterwards, we will be exploring each functionality individually, offering a comprehensive view on how each of the systems work.
+
+\section{Rootkit architecture}
+%TODO
+\begin{figure}[htbp]
+	\centering
+	\includegraphics[width=15.5cm]{rootkit.jpg}
+	\caption{Overview of the rootkit subsystems and components.}
+	\label{fig:rootkit}
+\end{figure}
+

 \section{Library injection attacks}
 In this section, we will discuss how to hijack an user process running in the system so that it executes arbitrary code instructed from an eBPF program. For this, we will be injecting a library which will be executed by taking advantage of the fact that the GOT section in ELFs is flagged as writable (as we introduced in section \ref{subsection:elf_lazy_binding} and using the stack scanning technique covered in section \ref{subsection:bpf_probe_write_apps}. This injection will be stealthy (it must not crash the process), and will be able to hijack privileged programs such as systemd, so that the code is executed as root.
--- a/docs/document.aux
+++ b/docs/document.aux
@@ -473,44 +473,47 @@
 \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {4}Design of a malicious eBPF rootkit}{64}{chapter.4}\protected@file@percent }
 \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
 \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {4.1}Library injection attacks}{64}{section.4.1}\protected@file@percent }
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {4.1}Rootkit architecture}{64}{section.4.1}\protected@file@percent }
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {4.2}Library injection attacks}{64}{section.4.2}\protected@file@percent }
 \abx@aux@cite{evil_ebpf_p6974}
 \abx@aux@segm{0}{0}{evil_ebpf_p6974}
 \abx@aux@cite{evil_ebpf_p6974}
 \abx@aux@segm{0}{0}{evil_ebpf_p6974}
+\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {4.1}{\ignorespaces Overview of the rootkit subsystems and components.\relax }}{65}{figure.caption.60}\protected@file@percent }
+\newlabel{fig:rootkit}{{4.1}{65}{Overview of the rootkit subsystems and components.\relax }{figure.caption.60}{}}
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {4.2.1}ROP with eBPF}{65}{subsection.4.2.1}\protected@file@percent }
+\newlabel{subsection:rop_ebpf}{{4.2.1}{65}{ROP with eBPF}{subsection.4.2.1}{}}
 \abx@aux@cite{glibc}
 \abx@aux@segm{0}{0}{glibc}
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {4.1.1}ROP with eBPF}{65}{subsection.4.1.1}\protected@file@percent }
-\newlabel{subsection:rop_ebpf}{{4.1.1}{65}{ROP with eBPF}{subsection.4.1.1}{}}
-\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {4.1}{\ignorespaces Initial setup for the ROP with eBPF technique.\relax }}{65}{figure.caption.60}\protected@file@percent }
-\newlabel{fig:rop_evil_ebpf_1}{{4.1}{65}{Initial setup for the ROP with eBPF technique.\relax }{figure.caption.60}{}}
-\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {4.2}{\ignorespaces Process memory after syscall exits and ROP code overwrites the stack.\relax }}{66}{figure.caption.61}\protected@file@percent }
-\newlabel{fig:rop_evil_ebpf_2}{{4.2}{66}{Process memory after syscall exits and ROP code overwrites the stack.\relax }{figure.caption.61}{}}
+\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {4.2}{\ignorespaces Initial setup for the ROP with eBPF technique.\relax }}{66}{figure.caption.61}\protected@file@percent }
+\newlabel{fig:rop_evil_ebpf_1}{{4.2}{66}{Initial setup for the ROP with eBPF technique.\relax }{figure.caption.61}{}}
+\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {4.3}{\ignorespaces Process memory after syscall exits and ROP code overwrites the stack.\relax }}{67}{figure.caption.62}\protected@file@percent }
+\newlabel{fig:rop_evil_ebpf_2}{{4.3}{67}{Process memory after syscall exits and ROP code overwrites the stack.\relax }{figure.caption.62}{}}
 \abx@aux@cite{canary_exploit}
 \abx@aux@segm{0}{0}{canary_exploit}
-\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {4.3}{\ignorespaces Stack data is restored and program continues its execution.\relax }}{67}{figure.caption.62}\protected@file@percent }
-\newlabel{fig:rop_evil_ebpf_3}{{4.3}{67}{Stack data is restored and program continues its execution.\relax }{figure.caption.62}{}}
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {4.1.2}Bypassing hardening features in ELFs}{67}{subsection.4.1.2}\protected@file@percent }
+\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {4.4}{\ignorespaces Stack data is restored and program continues its execution.\relax }}{68}{figure.caption.63}\protected@file@percent }
+\newlabel{fig:rop_evil_ebpf_3}{{4.4}{68}{Stack data is restored and program continues its execution.\relax }{figure.caption.63}{}}
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {4.2.2}Bypassing hardening features in ELFs}{68}{subsection.4.2.2}\protected@file@percent }
 \abx@aux@cite{pie_exploit}
 \abx@aux@segm{0}{0}{pie_exploit}
-\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {4.4}{\ignorespaces Two runs of the same executable using ASLR, showing a library and two symbols.\relax }}{68}{figure.caption.63}\protected@file@percent }
-\newlabel{fig:alsr_offset}{{4.4}{68}{Two runs of the same executable using ASLR, showing a library and two symbols.\relax }{figure.caption.63}{}}
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {4.1.3}Library injection via GOT hijacking}{69}{subsection.4.1.3}\protected@file@percent }
-\newlabel{subsection:got_attack}{{4.1.3}{69}{Library injection via GOT hijacking}{subsection.4.1.3}{}}
-\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {4.5}{\ignorespaces Call to the glibc function, using objdump\relax }}{70}{figure.caption.64}\protected@file@percent }
-\newlabel{fig:firstcall}{{4.5}{70}{Call to the glibc function, using objdump\relax }{figure.caption.64}{}}
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {5}Evaluation}{71}{chapter.5}\protected@file@percent }
+\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {4.5}{\ignorespaces Two runs of the same executable using ASLR, showing a library and two symbols.\relax }}{69}{figure.caption.64}\protected@file@percent }
+\newlabel{fig:alsr_offset}{{4.5}{69}{Two runs of the same executable using ASLR, showing a library and two symbols.\relax }{figure.caption.64}{}}
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {4.2.3}Library injection via GOT hijacking}{70}{subsection.4.2.3}\protected@file@percent }
+\newlabel{subsection:got_attack}{{4.2.3}{70}{Library injection via GOT hijacking}{subsection.4.2.3}{}}
+\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {4.6}{\ignorespaces Call to the glibc function, using objdump\relax }}{71}{figure.caption.65}\protected@file@percent }
+\newlabel{fig:firstcall}{{4.6}{71}{Call to the glibc function, using objdump\relax }{figure.caption.65}{}}
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {5}Evaluation}{72}{chapter.5}\protected@file@percent }
 \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
 \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {5.1}Developed capabilities}{71}{section.5.1}\protected@file@percent }
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {5.2}Rootkit use cases}{71}{section.5.2}\protected@file@percent }
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {6}Related work}{72}{chapter.6}\protected@file@percent }
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {5.1}Developed capabilities}{72}{section.5.1}\protected@file@percent }
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {5.2}Rootkit use cases}{72}{section.5.2}\protected@file@percent }
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {6}Related work}{73}{chapter.6}\protected@file@percent }
 \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
 \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{73}{chapter.6}\protected@file@percent }
-\newlabel{annex:bpftool_flags_kernel}{{6}{}{Appendix A - Bpftool commands}{chapter*.66}{}}
-\newlabel{annex:readelf_commands}{{6}{}{Appendix B - Readelf commands}{chapter*.67}{}}
-\newlabel{annexsec:readelf_sec_headers}{{6}{}{}{chapter*.67}{}}
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{74}{chapter.6}\protected@file@percent }
+\newlabel{annex:bpftool_flags_kernel}{{6}{}{Appendix A - Bpftool commands}{chapter*.67}{}}
+\newlabel{annex:readelf_commands}{{6}{}{Appendix B - Readelf commands}{chapter*.68}{}}
+\newlabel{annexsec:readelf_sec_headers}{{6}{}{}{chapter*.68}{}}
 \newlabel{code:elf_sections}{{6.1}{}{List of ELF section headers with readelf tool of a program compiled with GCC}{lstlisting.6.1}{}}
 \@writefile{lol}{\defcounter {refsection}{0}\relax }\@writefile{lol}{\contentsline {lstlisting}{\numberline {6.1}List of ELF section headers with readelf tool of a program compiled with GCC.}{}{lstlisting.6.1}\protected@file@percent }
 \abx@aux@read@bbl@mdfivesum{29EDBEBA551C78783A4E376AB79D67BE}
@@ -605,4 +608,4 @@
 \abx@aux@defaultrefcontext{0}{canary_exploit}{none/global//global/global}
 \abx@aux@defaultrefcontext{0}{pie_exploit}{none/global//global/global}
 \ttl@finishall
-\gdef \@abspage@last{100}
+\gdef \@abspage@last{101}
--- a/docs/document.blg
+++ b/docs/document.blg
@@ -1,108 +1,108 @@
 [0] Config.pm:311> INFO - This is Biber 2.16
 [0] Config.pm:314> INFO - Logfile is 'document.blg'
-[59] biber:340> INFO - === Sat Jun 11, 2022, 13:49:30
-[71] Biber.pm:415> INFO - Reading 'document.bcf'
-[148] Biber.pm:952> INFO - Found 89 citekeys in bib section 0
-[163] Biber.pm:4340> INFO - Processing section 0
-[171] Biber.pm:4531> INFO - Looking for bibtex format file 'bibliography/bibliography.bib' for section 0
-[173] bibtex.pm:1689> INFO - LaTeX decoding ...
-[206] bibtex.pm:1494> INFO - Found BibTeX data source 'bibliography/bibliography.bib'
-[364] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 9, warning: 1 characters of junk seen at toplevel
-[364] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 15, warning: 1 characters of junk seen at toplevel
-[364] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 22, warning: 1 characters of junk seen at toplevel
-[364] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 28, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 35, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 42, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 50, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 58, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 65, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 70, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 77, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 85, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 94, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 103, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 112, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 121, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 130, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 136, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 141, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 146, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 151, warning: 1 characters of junk seen at toplevel
-[365] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 162, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 167, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 173, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 179, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 184, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 193, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 200, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 208, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 215, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 224, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 233, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 242, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 248, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 253, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 258, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 265, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 270, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 275, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 280, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 285, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 292, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 297, warning: 1 characters of junk seen at toplevel
-[366] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 304, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 311, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 318, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 324, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 330, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 336, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 343, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 348, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 353, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 358, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 365, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 370, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 375, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 384, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 389, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 394, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 399, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 404, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 409, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 414, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 419, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 428, warning: 1 characters of junk seen at toplevel
-[367] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 437, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 442, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 447, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 452, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 458, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 468, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 475, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 482, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 491, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 496, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 501, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 510, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 517, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 524, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 529, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 538, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 547, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 552, warning: 1 characters of junk seen at toplevel
-[368] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 557, warning: 1 characters of junk seen at toplevel
-[369] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 564, warning: 1 characters of junk seen at toplevel
-[369] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 571, warning: 1 characters of junk seen at toplevel
-[369] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 576, warning: 1 characters of junk seen at toplevel
-[369] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 581, warning: 1 characters of junk seen at toplevel
-[369] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 586, warning: 1 characters of junk seen at toplevel
-[369] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 593, warning: 1 characters of junk seen at toplevel
-[369] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 600, warning: 1 characters of junk seen at toplevel
-[369] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_xRwn/f4d088b3f9f145b5c3058da33afd57d4_21103.utf8, line 607, warning: 1 characters of junk seen at toplevel
-[423] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'normalization = NFD' with 'normalization = prenormalized'
-[423] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'variable = shifted' with 'variable = non-ignorable'
-[423] Biber.pm:4168> INFO - Sorting list 'none/global//global/global' of type 'entry' with template 'none' and locale 'en-US'
-[423] Biber.pm:4174> INFO - No sort tailoring available for locale 'en-US'
-[470] bbl.pm:654> INFO - Writing 'document.bbl' with encoding 'UTF-8'
-[490] bbl.pm:757> INFO - Output to document.bbl
-[490] Biber.pm:128> INFO - WARNINGS: 92
+[61] biber:340> INFO - === Sat Jun 11, 2022, 22:16:42
+[76] Biber.pm:415> INFO - Reading 'document.bcf'
+[155] Biber.pm:952> INFO - Found 89 citekeys in bib section 0
+[170] Biber.pm:4340> INFO - Processing section 0
+[179] Biber.pm:4531> INFO - Looking for bibtex format file 'bibliography/bibliography.bib' for section 0
+[181] bibtex.pm:1689> INFO - LaTeX decoding ...
+[215] bibtex.pm:1494> INFO - Found BibTeX data source 'bibliography/bibliography.bib'
+[375] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 9, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 15, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 22, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 28, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 35, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 42, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 50, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 58, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 65, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 70, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 77, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 85, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 94, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 103, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 112, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 121, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 130, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 136, warning: 1 characters of junk seen at toplevel
+[376] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 141, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 146, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 151, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 162, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 167, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 173, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 179, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 184, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 193, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 200, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 208, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 215, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 224, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 233, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 242, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 248, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 253, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 258, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 265, warning: 1 characters of junk seen at toplevel
+[377] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 270, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 275, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 280, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 285, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 292, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 297, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 304, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 311, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 318, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 324, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 330, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 336, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 343, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 348, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 353, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 358, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 365, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 370, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 375, warning: 1 characters of junk seen at toplevel
+[378] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 384, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 389, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 394, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 399, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 404, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 409, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 414, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 419, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 428, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 437, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 442, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 447, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 452, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 458, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 468, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 475, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 482, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 491, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 496, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 501, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 510, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 517, warning: 1 characters of junk seen at toplevel
+[379] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 524, warning: 1 characters of junk seen at toplevel
+[380] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 529, warning: 1 characters of junk seen at toplevel
+[380] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 538, warning: 1 characters of junk seen at toplevel
+[380] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 547, warning: 1 characters of junk seen at toplevel
+[380] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 552, warning: 1 characters of junk seen at toplevel
+[380] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 557, warning: 1 characters of junk seen at toplevel
+[380] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 564, warning: 1 characters of junk seen at toplevel
+[380] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 571, warning: 1 characters of junk seen at toplevel
+[380] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 576, warning: 1 characters of junk seen at toplevel
+[380] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 581, warning: 1 characters of junk seen at toplevel
+[380] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 586, warning: 1 characters of junk seen at toplevel
+[380] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 593, warning: 1 characters of junk seen at toplevel
+[380] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 600, warning: 1 characters of junk seen at toplevel
+[380] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_eUFi/f4d088b3f9f145b5c3058da33afd57d4_33916.utf8, line 607, warning: 1 characters of junk seen at toplevel
+[435] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'normalization = NFD' with 'normalization = prenormalized'
+[435] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'variable = shifted' with 'variable = non-ignorable'
+[435] Biber.pm:4168> INFO - Sorting list 'none/global//global/global' of type 'entry' with template 'none' and locale 'en-US'
+[435] Biber.pm:4174> INFO - No sort tailoring available for locale 'en-US'
+[483] bbl.pm:654> INFO - Writing 'document.bbl' with encoding 'UTF-8'
+[503] bbl.pm:757> INFO - Output to document.bbl
+[503] Biber.pm:128> INFO - WARNINGS: 92
--- a/docs/document.lof
+++ b/docs/document.lof
@@ -69,15 +69,17 @@
 \defcounter {refsection}{0}\relax 
 \addvspace {10\p@ }
 \defcounter {refsection}{0}\relax 
-\contentsline {figure}{\numberline {4.1}{\ignorespaces Initial setup for the ROP with eBPF technique.\relax }}{65}{figure.caption.60}%
+\contentsline {figure}{\numberline {4.1}{\ignorespaces Overview of the rootkit subsystems and components.\relax }}{65}{figure.caption.60}%
 \defcounter {refsection}{0}\relax 
-\contentsline {figure}{\numberline {4.2}{\ignorespaces Process memory after syscall exits and ROP code overwrites the stack.\relax }}{66}{figure.caption.61}%
+\contentsline {figure}{\numberline {4.2}{\ignorespaces Initial setup for the ROP with eBPF technique.\relax }}{66}{figure.caption.61}%
 \defcounter {refsection}{0}\relax 
-\contentsline {figure}{\numberline {4.3}{\ignorespaces Stack data is restored and program continues its execution.\relax }}{67}{figure.caption.62}%
+\contentsline {figure}{\numberline {4.3}{\ignorespaces Process memory after syscall exits and ROP code overwrites the stack.\relax }}{67}{figure.caption.62}%
 \defcounter {refsection}{0}\relax 
-\contentsline {figure}{\numberline {4.4}{\ignorespaces Two runs of the same executable using ASLR, showing a library and two symbols.\relax }}{68}{figure.caption.63}%
+\contentsline {figure}{\numberline {4.4}{\ignorespaces Stack data is restored and program continues its execution.\relax }}{68}{figure.caption.63}%
 \defcounter {refsection}{0}\relax 
-\contentsline {figure}{\numberline {4.5}{\ignorespaces Call to the glibc function, using objdump\relax }}{70}{figure.caption.64}%
+\contentsline {figure}{\numberline {4.5}{\ignorespaces Two runs of the same executable using ASLR, showing a library and two symbols.\relax }}{69}{figure.caption.64}%
+\defcounter {refsection}{0}\relax 
+\contentsline {figure}{\numberline {4.6}{\ignorespaces Call to the glibc function, using objdump\relax }}{71}{figure.caption.65}%
 \defcounter {refsection}{0}\relax 
 \addvspace {10\p@ }
 \defcounter {refsection}{0}\relax 
--- a/docs/document.log
+++ b/docs/document.log
@@ -1,4 +1,4 @@
-This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27)  11 JUN 2022 16:30
+This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27)  11 JUN 2022 22:19
 entering extended mode
 restricted \write18 enabled.
 %&-line parsing enabled.
@@ -1089,7 +1089,7 @@ File: t1txss.fd 2000/12/15 v3.1
 )
 LaTeX Font Info:    Font shape `T1/txss/m/n' will be
 (Font)              scaled to size 11.39996pt on input line 186.
-<images//Portada_Logo.png, id=293, 456.2865pt x 45.99pt>
+<images//Portada_Logo.png, id=297, 456.2865pt x 45.99pt>
 File: images//Portada_Logo.png Graphic file (type png)
 <use images//Portada_Logo.png>
 Package pdftex.def Info: images//Portada_Logo.png  used on input line 190.
@@ -1102,7 +1102,7 @@ LaTeX Font Info:    Font shape `T1/txss/m/n' will be
 (Font)              scaled to size 23.63593pt on input line 201.
 LaTeX Font Info:    Font shape `T1/txss/m/n' will be
 (Font)              scaled to size 19.70294pt on input line 205.
-<images/creativecommons.png, id=295, 338.76563pt x 118.19156pt>
+<images/creativecommons.png, id=299, 338.76563pt x 118.19156pt>
 File: images/creativecommons.png Graphic file (type png)
 <use images/creativecommons.png>
 Package pdftex.def Info: images/creativecommons.png  used on input line 215.
@@ -1210,7 +1210,7 @@ Overfull \hbox (0.50073pt too wide) in paragraph at lines 43--44

 [3]) (./chapters/chapter2.tex [4]
 Chapter 2.
-<images//classic_bpf.jpg, id=728, 588.1975pt x 432.61626pt>
+<images//classic_bpf.jpg, id=736, 588.1975pt x 432.61626pt>
 File: images//classic_bpf.jpg Graphic file (type jpg)
 <use images//classic_bpf.jpg>
 Package pdftex.def Info: images//classic_bpf.jpg  used on input line 20.
@@ -1218,35 +1218,35 @@ Package pdftex.def Info: images//classic_bpf.jpg  used on input line 20.
 [5

 ] [6 <./images//classic_bpf.jpg>]
-<images//cbpf_prog.jpg, id=749, 403.5075pt x 451.6875pt>
+<images//cbpf_prog.jpg, id=757, 403.5075pt x 451.6875pt>
 File: images//cbpf_prog.jpg Graphic file (type jpg)
 <use images//cbpf_prog.jpg>
 Package pdftex.def Info: images//cbpf_prog.jpg  used on input line 55.
 (pdftex.def)             Requested size: 227.62204pt x 254.80415pt.
 [7 <./images/cBPF_prog.jpg>]
-<images//bpf_instructions.png, id=761, 380.92313pt x 475.27562pt>
+<images//bpf_instructions.png, id=769, 380.92313pt x 475.27562pt>
 File: images//bpf_instructions.png Graphic file (type png)
 <use images//bpf_instructions.png>
 Package pdftex.def Info: images//bpf_instructions.png  used on input line 96.
 (pdftex.def)             Requested size: 227.62204pt x 283.99998pt.
-<images//bpf_address_mode.png, id=765, 417.05812pt x 313.67188pt>
+<images//bpf_address_mode.png, id=773, 417.05812pt x 313.67188pt>
 File: images//bpf_address_mode.png Graphic file (type png)
 <use images//bpf_address_mode.png>
 Package pdftex.def Info: images//bpf_address_mode.png  used on input line 105.
 (pdftex.def)             Requested size: 227.62204pt x 171.19905pt.
 [8] [9 <./images//bpf_instructions.png> <./images//bpf_address_mode.png>]
-<images//tcpdump_example.png, id=780, 534.99875pt x 454.69875pt>
+<images//tcpdump_example.png, id=788, 534.99875pt x 454.69875pt>
 File: images//tcpdump_example.png Graphic file (type png)
 <use images//tcpdump_example.png>
 Package pdftex.def Info: images//tcpdump_example.png  used on input line 117.
 (pdftex.def)             Requested size: 284.52756pt x 241.82869pt.
-<images//cBPF_prog_ex_sol.png, id=783, 242.9075pt x 321.2pt>
+<images//cBPF_prog_ex_sol.png, id=791, 242.9075pt x 321.2pt>
 File: images//cBPF_prog_ex_sol.png Graphic file (type png)
 <use images//cBPF_prog_ex_sol.png>
 Package pdftex.def Info: images//cBPF_prog_ex_sol.png  used on input line 128.
 (pdftex.def)             Requested size: 170.71652pt x 225.74026pt.
 [10 <./images//tcpdump_example.png>]
-<images//ebpf_arch.jpg, id=796, 739.76375pt x 472.76625pt>
+<images//ebpf_arch.jpg, id=804, 739.76375pt x 472.76625pt>
 File: images//ebpf_arch.jpg Graphic file (type jpg)
 <use images//ebpf_arch.jpg>
 Package pdftex.def Info: images//ebpf_arch.jpg  used on input line 167.
@@ -1282,7 +1282,7 @@ Overfull \hbox (13.5802pt too wide) in paragraph at lines 351--381
 []

 [17]
-<images//xdp_diag.jpg, id=887, 649.42625pt x 472.76625pt>
+<images//xdp_diag.jpg, id=895, 649.42625pt x 472.76625pt>
 File: images//xdp_diag.jpg Graphic file (type jpg)
 <use images//xdp_diag.jpg>
 Package pdftex.def Info: images//xdp_diag.jpg  used on input line 404.
@@ -1293,7 +1293,7 @@ Overfull \hbox (5.80417pt too wide) in paragraph at lines 460--472
 []

 [20] [21] [22] [23]
-<images//libbpf_prog.jpg, id=943, 543.02875pt x 502.87875pt>
+<images//libbpf_prog.jpg, id=951, 543.02875pt x 502.87875pt>
 File: images//libbpf_prog.jpg Graphic file (type jpg)
 <use images//libbpf_prog.jpg>
 Package pdftex.def Info: images//libbpf_prog.jpg  used on input line 570.
@@ -1320,25 +1320,25 @@ BPF and CAP_NET_ADMIN,
 []

 [26] [27]
-<images//mem_arch_pages.jpg, id=992, 593.21625pt x 434.62375pt>
+<images//mem_arch_pages.jpg, id=1000, 593.21625pt x 434.62375pt>
 File: images//mem_arch_pages.jpg Graphic file (type jpg)
 <use images//mem_arch_pages.jpg>
 Package pdftex.def Info: images//mem_arch_pages.jpg  used on input line 709.
 (pdftex.def)             Requested size: 369.88582pt x 271.00914pt.
 [28 <./images//mem_arch_pages.jpg>]
-<images//mem_major_page_fault.jpg, id=1000, 639.38875pt x 425.59pt>
+<images//mem_major_page_fault.jpg, id=1008, 639.38875pt x 425.59pt>
 File: images//mem_major_page_fault.jpg Graphic file (type jpg)
 <use images//mem_major_page_fault.jpg>
 Package pdftex.def Info: images//mem_major_page_fault.jpg  used on input line 7
 19.
 (pdftex.def)             Requested size: 312.9803pt x 208.32661pt.
-<images//mem_minor_page_fault.jpg, id=1002, 654.445pt x 555.07375pt>
+<images//mem_minor_page_fault.jpg, id=1010, 654.445pt x 555.07375pt>
 File: images//mem_minor_page_fault.jpg Graphic file (type jpg)
 <use images//mem_minor_page_fault.jpg>
 Package pdftex.def Info: images//mem_minor_page_fault.jpg  used on input line 7
 27.
 (pdftex.def)             Requested size: 312.9803pt x 265.45834pt.
-<images//memory.jpg, id=1004, 310.15875pt x 569.12625pt>
+<images//memory.jpg, id=1012, 310.15875pt x 569.12625pt>
 File: images//memory.jpg Graphic file (type jpg)
 <use images//memory.jpg>
 Package pdftex.def Info: images//memory.jpg  used on input line 738.
@@ -1351,13 +1351,13 @@ buted within a pro-cess in the x86_64

 [29 <./images//mem_major_page_fault.jpg>] [30 <./images//mem_minor_page_fault.j
 pg> <./images//memory.jpg>]
-<images//stack_pres.jpg, id=1017, 707.64375pt x 283.0575pt>
+<images//stack_pres.jpg, id=1025, 707.64375pt x 283.0575pt>
 File: images//stack_pres.jpg Graphic file (type jpg)
 <use images//stack_pres.jpg>
 Package pdftex.def Info: images//stack_pres.jpg  used on input line 760.
 (pdftex.def)             Requested size: 398.33858pt x 159.33606pt.
 [31 <./images//stack_pres.jpg>]
-<images//stack_ops.jpg, id=1028, 524.96124pt x 694.595pt>
+<images//stack_ops.jpg, id=1036, 524.96124pt x 694.595pt>
 File: images//stack_ops.jpg Graphic file (type jpg)
 <use images//stack_ops.jpg>
 Package pdftex.def Info: images//stack_ops.jpg  used on input line 794.
@@ -1368,19 +1368,19 @@ LaTeX Font Info:    Trying to load font information for T1+txtt on input line 8
 (/usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txtt.fd
 File: t1txtt.fd 2000/12/15 v3.1
 )
-<images//stack_before.jpg, id=1031, 712.6625pt x 315.1775pt>
+<images//stack_before.jpg, id=1039, 712.6625pt x 315.1775pt>
 File: images//stack_before.jpg Graphic file (type jpg)
 <use images//stack_before.jpg>
 Package pdftex.def Info: images//stack_before.jpg  used on input line 804.
 (pdftex.def)             Requested size: 398.33858pt x 176.16635pt.
-<images//stack.jpg, id=1032, 707.64375pt x 381.425pt>
+<images//stack.jpg, id=1040, 707.64375pt x 381.425pt>
 File: images//stack.jpg Graphic file (type jpg)
 <use images//stack.jpg>
 Package pdftex.def Info: images//stack.jpg  used on input line 811.
 (pdftex.def)             Requested size: 398.33858pt x 214.70816pt.
 [32] [33 <./images//stack_ops.jpg> <./images//stack_before.jpg>] [34 <./images
 //stack.jpg>]
-<images//stack_ret_hij_simple.jpg, id=1068, 774.895pt x 674.52pt>
+<images//stack_ret_hij_simple.jpg, id=1076, 774.895pt x 674.52pt>
 File: images//stack_ret_hij_simple.jpg Graphic file (type jpg)
 <use images//stack_ret_hij_simple.jpg>
 Package pdftex.def Info: images//stack_ret_hij_simple.jpg  used on input line 8
@@ -1398,12 +1398,12 @@ nput line 863.
 LaTeX Font Info:    Font shape `T1/txtt/b/n' in size <10> not available
 (Font)              Font shape `T1/txtt/bx/n' tried instead on input line 864.
 [35] [36 <./images//stack_ret_hij_simple.jpg>]
-<images//buffer_overflow.jpg, id=1089, 707.64375pt x 343.2825pt>
+<images//buffer_overflow.jpg, id=1097, 707.64375pt x 343.2825pt>
 File: images//buffer_overflow.jpg Graphic file (type jpg)
 <use images//buffer_overflow.jpg>
 Package pdftex.def Info: images//buffer_overflow.jpg  used on input line 879.
 (pdftex.def)             Requested size: 426.79134pt x 207.03964pt.
-<images//buffer_overflow_shellcode.jpg, id=1091, 707.64375pt x 379.4175pt>
+<images//buffer_overflow_shellcode.jpg, id=1099, 707.64375pt x 379.4175pt>
 File: images//buffer_overflow_shellcode.jpg Graphic file (type jpg)
 <use images//buffer_overflow_shellcode.jpg>
 Package pdftex.def Info: images//buffer_overflow_shellcode.jpg  used on input l
@@ -1419,7 +1419,7 @@ LaTeX Warning: Reference `TODO probably an Annex' on page 37 undefined on input
 LaTeX Warning: Reference `TODO' on page 38 undefined on input line 907.

 [38 <./images//buffer_overflow_shellcode.jpg>]
-<images//ROPcompound.jpg, id=1107, 1296.845pt x 790.955pt>
+<images//ROPcompound.jpg, id=1115, 1296.845pt x 790.955pt>
 File: images//ROPcompound.jpg Graphic file (type jpg)
 <use images//ROPcompound.jpg>
 Package pdftex.def Info: images//ROPcompound.jpg  used on input line 929.
@@ -1434,13 +1434,13 @@ Overfull \hbox (28.45273pt too wide) in paragraph at lines 929--930
 LaTeX Warning: Reference `TODO' on page 40 undefined on input line 941.

 [40 <./images//ROPcompound.jpg>]
-<images//frame.jpg, id=1127, 695.59875pt x 705.63625pt>
+<images//frame.jpg, id=1135, 695.59875pt x 705.63625pt>
 File: images//frame.jpg Graphic file (type jpg)
 <use images//frame.jpg>
 Package pdftex.def Info: images//frame.jpg  used on input line 954.
 (pdftex.def)             Requested size: 398.33858pt x 404.07954pt.
 [41 <./images//frame.jpg>]
-<images//tcp_conn.jpg, id=1142, 452.69125pt x 405.515pt>
+<images//tcp_conn.jpg, id=1150, 452.69125pt x 405.515pt>
 File: images//tcp_conn.jpg Graphic file (type jpg)
 <use images//tcp_conn.jpg>
 Package pdftex.def Info: images//tcp_conn.jpg  used on input line 1002.
@@ -1452,7 +1452,7 @@ e-quence of SYN, SYN+ACK,
 []

 [42] [43 <./images//tcp_conn.jpg>]
-<images//tcp_retransmission.jpg, id=1156, 523.9575pt x 485.815pt>
+<images//tcp_retransmission.jpg, id=1164, 523.9575pt x 485.815pt>
 File: images//tcp_retransmission.jpg Graphic file (type jpg)
 <use images//tcp_retransmission.jpg>
 Package pdftex.def Info: images//tcp_retransmission.jpg  used on input line 101
@@ -1483,7 +1483,7 @@ s a call to the func-tion timerfd_settime,
 []

 [45] [46]
-<images//sch_gdb_plt.png, id=1186, 1040.88875pt x 146.5475pt>
+<images//sch_gdb_plt.png, id=1194, 1040.88875pt x 146.5475pt>
 File: images//sch_gdb_plt.png Graphic file (type png)
 <use images//sch_gdb_plt.png>
 Package pdftex.def Info: images//sch_gdb_plt.png  used on input line 1100.
@@ -1493,7 +1493,7 @@ Overfull \hbox (14.22636pt too wide) in paragraph at lines 1100--1101
 [][] 
 []

-<images//sch_gdb_got_prev.png, id=1187, 529.98pt x 39.14626pt>
+<images//sch_gdb_got_prev.png, id=1195, 529.98pt x 39.14626pt>
 File: images//sch_gdb_got_prev.png Graphic file (type png)
 <use images//sch_gdb_got_prev.png>
 Package pdftex.def Info: images//sch_gdb_got_prev.png  used on input line 1107.
@@ -1504,7 +1504,7 @@ Overfull \hbox (14.22636pt too wide) in paragraph at lines 1107--1108
 [][] 
 []

-<images//sch_gdb_got_after.png, id=1191, 532.99126pt x 41.15375pt>
+<images//sch_gdb_got_after.png, id=1199, 532.99126pt x 41.15375pt>
 File: images//sch_gdb_got_after.png Graphic file (type png)
 <use images//sch_gdb_got_after.png>
 Package pdftex.def Info: images//sch_gdb_got_after.png  used on input line 1116
@@ -1515,7 +1515,7 @@ Overfull \hbox (14.22636pt too wide) in paragraph at lines 1116--1117
 [][] 
 []

-<images//sch_glibc_func.png, id=1192, 585.18625pt x 89.33376pt>
+<images//sch_glibc_func.png, id=1200, 585.18625pt x 89.33376pt>
 File: images//sch_glibc_func.png Graphic file (type png)
 <use images//sch_glibc_func.png>
 Package pdftex.def Info: images//sch_glibc_func.png  used on input line 1123.
@@ -1530,10 +1530,6 @@ _gdb_got_after.png>] [48 <./images//sch_glibc_func.png>])
 (./chapters/chapter3.tex [49]
 Chapter 3.

-LaTeX Warning: Reference `subsection:access_control' on page 50 undefined on in
-put line 13.
-
-
 Overfull \hbox (18.75664pt too wide) in paragraph at lines 17--18
 \T1/txr/m/n/12 can also ex-plore all the avail-able maps in the sys-tem by us-i
 ng the BPF_MAP_GET_NEXT_ID
@@ -1570,7 +1566,7 @@ Overfull \hbox (3.09538pt too wide) in paragraph at lines 252--253
 []

 [57]
-<images//stack_scan_write_tech.jpg, id=1374, 829.0975pt x 315.1775pt>
+<images//stack_scan_write_tech.jpg, id=1383, 829.0975pt x 315.1775pt>
 File: images//stack_scan_write_tech.jpg Graphic file (type jpg)
 <use images//stack_scan_write_tech.jpg>
 Package pdftex.def Info: images//stack_scan_write_tech.jpg  used on input line 
@@ -1586,7 +1582,7 @@ Overfull \hbox (28.45273pt too wide) in paragraph at lines 268--269
 LaTeX Warning: Reference `TODO' on page 59 undefined on input line 290.

 [59] [60] [61]
-<images//tcp_exfiltrate_retrans.jpg, id=1427, 633.36626pt x 475.7775pt>
+<images//tcp_exfiltrate_retrans.jpg, id=1436, 633.36626pt x 475.7775pt>
 File: images//tcp_exfiltrate_retrans.jpg Graphic file (type jpg)
 <use images//tcp_exfiltrate_retrans.jpg>
 Package pdftex.def Info: images//tcp_exfiltrate_retrans.jpg  used on input line
@@ -1595,73 +1591,82 @@ Package pdftex.def Info: images//tcp_exfiltrate_retrans.jpg  used on input line
 [62 <./images//tcp_exfiltrate_retrans.jpg>])
 (./chapters/chapter4.tex [63]
 Chapter 4.
+<images//rootkit.jpg, id=1445, 886.31125pt x 614.295pt>
+File: images//rootkit.jpg Graphic file (type jpg)
+<use images//rootkit.jpg>
+Package pdftex.def Info: images//rootkit.jpg  used on input line 19.
+(pdftex.def)             Requested size: 441.01772pt x 305.67511pt.
+
+Overfull \hbox (14.22636pt too wide) in paragraph at lines 19--20
+ [][] 
+ []
+
 [64

 ]

-LaTeX Warning: Reference `TODO EVALUATION' on page 65 undefined on input line 2
-2.
+LaTeX Warning: Reference `TODO EVALUATION' on page 65 undefined on input line 3
+0.

-<images//rop_evil_ebpf_1.jpg, id=1445, 789.95125pt x 395.4775pt>
+<images//rop_evil_ebpf_1.jpg, id=1455, 789.95125pt x 395.4775pt>
 File: images//rop_evil_ebpf_1.jpg Graphic file (type jpg)
 <use images//rop_evil_ebpf_1.jpg>
-Package pdftex.def Info: images//rop_evil_ebpf_1.jpg  used on input line 30.
+Package pdftex.def Info: images//rop_evil_ebpf_1.jpg  used on input line 38.
 (pdftex.def)             Requested size: 426.79134pt x 213.66933pt.
+[65 <./images//rootkit.jpg>]

-LaTeX Warning: Reference `TODO' on page 65 undefined on input line 38.
+LaTeX Warning: Reference `TODO' on page 66 undefined on input line 46.

-[65 <./images//rop_evil_ebpf_1.jpg>]
-Overfull \hbox (4.42868pt too wide) in paragraph at lines 47--48
+[66 <./images//rop_evil_ebpf_1.jpg>]
+Overfull \hbox (4.42868pt too wide) in paragraph at lines 55--56
 \T1/txr/m/n/12 the orig-i-nal data later) and we pro-ceed to over-write the sta
 ck us-ing bpf_probe_write_user(),
 []

-<images//rop_evil_ebpf_2.jpg, id=1455, 789.95125pt x 395.4775pt>
+<images//rop_evil_ebpf_2.jpg, id=1472, 789.95125pt x 395.4775pt>
 File: images//rop_evil_ebpf_2.jpg Graphic file (type jpg)
 <use images//rop_evil_ebpf_2.jpg>
-Package pdftex.def Info: images//rop_evil_ebpf_2.jpg  used on input line 51.
+Package pdftex.def Info: images//rop_evil_ebpf_2.jpg  used on input line 59.
 (pdftex.def)             Requested size: 426.79134pt x 213.66933pt.
-[66 <./images//rop_evil_ebpf_2.jpg>]
-<images//rop_evil_ebpf_3.jpg, id=1465, 789.95125pt x 369.38pt>
+<images//rop_evil_ebpf_3.jpg, id=1475, 789.95125pt x 369.38pt>
 File: images//rop_evil_ebpf_3.jpg Graphic file (type jpg)
 <use images//rop_evil_ebpf_3.jpg>
-Package pdftex.def Info: images//rop_evil_ebpf_3.jpg  used on input line 62.
+Package pdftex.def Info: images//rop_evil_ebpf_3.jpg  used on input line 70.
 (pdftex.def)             Requested size: 426.79134pt x 199.5693pt.
- [67 <./images//rop_evil_ebpf_3.jpg>]
+[67 <./images//rop_evil_ebpf_2.jpg>] [68 <./images//rop_evil_ebpf_3.jpg>]

-LaTeX Warning: Reference `table:aslr_offset' on page 68 undefined on input line
- 85.
+LaTeX Warning: Reference `table:aslr_offset' on page 69 undefined on input line
+ 93.

-<images//aslr_offset.jpg, id=1474, 597.23125pt x 273.02pt>
+<images//aslr_offset.jpg, id=1489, 597.23125pt x 273.02pt>
 File: images//aslr_offset.jpg Graphic file (type jpg)
 <use images//aslr_offset.jpg>
-Package pdftex.def Info: images//aslr_offset.jpg  used on input line 90.
+Package pdftex.def Info: images//aslr_offset.jpg  used on input line 98.
 (pdftex.def)             Requested size: 369.88582pt x 169.0915pt.
-[68 <./images//aslr_offset.jpg>]
-Overfull \hbox (0.26146pt too wide) in paragraph at lines 113--114
+[69 <./images//aslr_offset.jpg>]
+Overfull \hbox (0.26146pt too wide) in paragraph at lines 121--122
 []\T1/txr/m/n/12 This tech-nique works both in com-pil-ers with low hard-en-ing
 fe-tau-res by de-fault (Clang)
 []


-Overfull \hbox (38.05193pt too wide) in paragraph at lines 117--119
+Overfull \hbox (38.05193pt too wide) in paragraph at lines 125--127
 \T1/txr/m/n/12 We load and at-tach a tra-ce-point eBPF pro-gram at the \T1/txr/
 m/it/12 en-ter \T1/txr/m/n/12 po-si-tion of syscall sys_timerfd_settime.
 []

-[69]
-<images//sch_firstcall.png, id=1491, 643.40375pt x 91.34125pt>
+<images//sch_firstcall.png, id=1501, 643.40375pt x 91.34125pt>
 File: images//sch_firstcall.png Graphic file (type png)
 <use images//sch_firstcall.png>
-Package pdftex.def Info: images//sch_firstcall.png  used on input line 127.
+Package pdftex.def Info: images//sch_firstcall.png  used on input line 135.
 (pdftex.def)             Requested size: 369.88582pt x 52.51244pt.
-) (./chapters/chapter5.tex [70 <./images//sch_firstcall.png>]
+[70]) (./chapters/chapter5.tex [71 <./images//sch_firstcall.png>]
 Chapter 5.
-) (./chapters/chapter6.tex [71
+) (./chapters/chapter6.tex [72

 ]
 Chapter 6.
-) [72
+) [73

 ]
 Overfull \hbox (5.34976pt too wide) in paragraph at lines 338--338
@@ -1669,7 +1674,7 @@ Overfull \hbox (5.34976pt too wide) in paragraph at lines 338--338
 / yir -[] cyber -[] threats -[]
 []

-[73
+[74


 ]
@@ -1690,7 +1695,7 @@ Overfull \hbox (21.24973pt too wide) in paragraph at lines 338--338
 mmit _ 2015feb20 .
 []

-[74]
+[75]
 Overfull \hbox (9.14975pt too wide) in paragraph at lines 338--338
 \T1/txtt/m/n/12 ch02 . xhtml# :-[]: text = With % 20JIT % 20compiled % 20code %
 2C % 20i ,[] %20other %
@@ -1702,7 +1707,7 @@ Overfull \hbox (6.49615pt too wide) in paragraph at lines 338--338
 022), [On-line]. Avail-able: [][]$\T1/txtt/m/n/12 https :
 []

-[75]
+[76]
 Overfull \hbox (0.76683pt too wide) in paragraph at lines 338--338
 []\T1/txr/m/n/12 ^^P  Bpf next ker-nel tree.^^Q (), [On-line]. Avail-able: [][]
 $\T1/txtt/m/n/12 https : / / kernel . googlesource .
@@ -1714,7 +1719,7 @@ Overfull \hbox (14.49278pt too wide) in paragraph at lines 338--338
 12 . [On-line]. Avail-able: [][]$\T1/txtt/m/n/12 http : / / manpages .
 []

-[76]
+[77]
 Overfull \hbox (9.33742pt too wide) in paragraph at lines 338--338
 \T1/txr/m/n/12 Avail-able: [][]$\T1/txtt/m/n/12 https : / / events19 . linuxfou
 ndation . org / wp -[] content / uploads /
@@ -1762,7 +1767,7 @@ Overfull \hbox (4.29944pt too wide) in paragraph at lines 338--338
 2), [On-line]. Avail-able: [][]$\T1/txtt/m/n/12 https :
 []

-[77]
+[78]
 Overfull \hbox (6.53491pt too wide) in paragraph at lines 338--338
 []\T1/txr/m/n/12 H. Sidh-pur-wala. ^^P  Hard-en-ing elf bi-na-ries us-ing re-lo
 -ca-tion read-only (relro).^^Q (Jan. 28,
@@ -1792,7 +1797,7 @@ Overfull \hbox (39.98859pt too wide) in paragraph at lines 338--338
 il-able: [][]$\T1/txtt/m/n/12 https : / / raw . githubusercontent .
 []

-[78] (./chapters/annex.tex [79]
+[79] (./chapters/annex.tex [80]
 (/usr/share/texlive/texmf-dist/tex/latex/listings/lstlang1.sty
 File: lstlang1.sty 2020/03/24 1.8d listings language file
 )
@@ -1821,16 +1826,16 @@ LaTeX Warning: There were undefined references.
 LaTeX Warning: Label(s) may have changed. Rerun to get cross-references right.

 Package rerunfilecheck Info: File `document.out' has not changed.
-(rerunfilecheck)             Checksum: 7A34DDECD47F12129DDDCF15A57C6F25;5503.
+(rerunfilecheck)             Checksum: 9BD1500B472001DFE82F052359B713F2;5573.
 Package logreq Info: Writing requests to 'document.run.xml'.
 \openout1 = `document.run.xml'.

 ) 
 Here is how much of TeX's memory you used:
- 29195 strings out of 481209
- 465192 string characters out of 5914747
- 1628061 words of memory out of 5000000
- 45104 multiletter control sequences out of 15000+600000
+ 29206 strings out of 481209
+ 465378 string characters out of 5914747
+ 1628288 words of memory out of 5000000
+ 45111 multiletter control sequences out of 15000+600000
 459242 words of font info for 106 fonts, out of 8000000 for 9000
 36 hyphenation exceptions out of 8191
 88i,12n,90p,1029b,3721s stack positions out of 5000i,500n,10000p,200000b,80000s
@@ -1846,9 +1851,9 @@ e/texmf-dist/fonts/type1/urw/helvetic/uhvb8a.pfb></usr/share/texlive/texmf-dist
 /urw/helvetic/uhvr8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/times/u
 tmb8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/times/utmr8a.pfb></usr
 /share/texlive/texmf-dist/fonts/type1/urw/times/utmri8a.pfb>
-Output written on document.pdf (100 pages, 2220915 bytes).
+Output written on document.pdf (101 pages, 2400365 bytes).
 PDF statistics:
- 1993 PDF objects out of 2073 (max. 8388607)
- 546 named destinations out of 1000 (max. 500000)
- 774 words of extra memory for PDF output out of 10000 (max. 10000000)
+ 2008 PDF objects out of 2073 (max. 8388607)
+ 549 named destinations out of 1000 (max. 500000)
+ 787 words of extra memory for PDF output out of 10000 (max. 10000000)

--- a/docs/document.out
+++ b/docs/document.out
@@ -61,12 +61,13 @@
 \BOOKMARK [2][-]{subsection.3.4.1}{Attacks\040and\040limitations\040of\040networking\040programs}{section.3.4}% 61
 \BOOKMARK [2][-]{subsection.3.4.2}{Takeaways}{section.3.4}% 62
 \BOOKMARK [0][-]{chapter.4}{Design\040of\040a\040malicious\040eBPF\040rootkit}{}% 63
-\BOOKMARK [1][-]{section.4.1}{Library\040injection\040attacks}{chapter.4}% 64
-\BOOKMARK [2][-]{subsection.4.1.1}{ROP\040with\040eBPF}{section.4.1}% 65
-\BOOKMARK [2][-]{subsection.4.1.2}{Bypassing\040hardening\040features\040in\040ELFs}{section.4.1}% 66
-\BOOKMARK [2][-]{subsection.4.1.3}{Library\040injection\040via\040GOT\040hijacking}{section.4.1}% 67
-\BOOKMARK [0][-]{chapter.5}{Evaluation}{}% 68
-\BOOKMARK [1][-]{section.5.1}{Developed\040capabilities}{chapter.5}% 69
-\BOOKMARK [1][-]{section.5.2}{Rootkit\040use\040cases}{chapter.5}% 70
-\BOOKMARK [0][-]{chapter.6}{Related\040work}{}% 71
-\BOOKMARK [0][-]{chapter.6}{Bibliography}{}% 72
+\BOOKMARK [1][-]{section.4.1}{Rootkit\040architecture}{chapter.4}% 64
+\BOOKMARK [1][-]{section.4.2}{Library\040injection\040attacks}{chapter.4}% 65
+\BOOKMARK [2][-]{subsection.4.2.1}{ROP\040with\040eBPF}{section.4.2}% 66
+\BOOKMARK [2][-]{subsection.4.2.2}{Bypassing\040hardening\040features\040in\040ELFs}{section.4.2}% 67
+\BOOKMARK [2][-]{subsection.4.2.3}{Library\040injection\040via\040GOT\040hijacking}{section.4.2}% 68
+\BOOKMARK [0][-]{chapter.5}{Evaluation}{}% 69
+\BOOKMARK [1][-]{section.5.1}{Developed\040capabilities}{chapter.5}% 70
+\BOOKMARK [1][-]{section.5.2}{Rootkit\040use\040cases}{chapter.5}% 71
+\BOOKMARK [0][-]{chapter.6}{Related\040work}{}% 72
+\BOOKMARK [0][-]{chapter.6}{Bibliography}{}% 73
--- a/docs/document.pdf
+++ b/docs/document.pdf
--- a/docs/document.synctex.gz
+++ b/docs/document.synctex.gz
--- a/docs/document.toc
+++ b/docs/document.toc
@@ -127,21 +127,23 @@
 \defcounter {refsection}{0}\relax 
 \contentsline {chapter}{\numberline {4}Design of a malicious eBPF rootkit}{64}{chapter.4}%
 \defcounter {refsection}{0}\relax 
-\contentsline {section}{\numberline {4.1}Library injection attacks}{64}{section.4.1}%
+\contentsline {section}{\numberline {4.1}Rootkit architecture}{64}{section.4.1}%
 \defcounter {refsection}{0}\relax 
-\contentsline {subsection}{\numberline {4.1.1}ROP with eBPF}{65}{subsection.4.1.1}%
+\contentsline {section}{\numberline {4.2}Library injection attacks}{64}{section.4.2}%
 \defcounter {refsection}{0}\relax 
-\contentsline {subsection}{\numberline {4.1.2}Bypassing hardening features in ELFs}{67}{subsection.4.1.2}%
+\contentsline {subsection}{\numberline {4.2.1}ROP with eBPF}{65}{subsection.4.2.1}%
 \defcounter {refsection}{0}\relax 
-\contentsline {subsection}{\numberline {4.1.3}Library injection via GOT hijacking}{69}{subsection.4.1.3}%
+\contentsline {subsection}{\numberline {4.2.2}Bypassing hardening features in ELFs}{68}{subsection.4.2.2}%
 \defcounter {refsection}{0}\relax 
-\contentsline {chapter}{\numberline {5}Evaluation}{71}{chapter.5}%
+\contentsline {subsection}{\numberline {4.2.3}Library injection via GOT hijacking}{70}{subsection.4.2.3}%
 \defcounter {refsection}{0}\relax 
-\contentsline {section}{\numberline {5.1}Developed capabilities}{71}{section.5.1}%
+\contentsline {chapter}{\numberline {5}Evaluation}{72}{chapter.5}%
 \defcounter {refsection}{0}\relax 
-\contentsline {section}{\numberline {5.2}Rootkit use cases}{71}{section.5.2}%
+\contentsline {section}{\numberline {5.1}Developed capabilities}{72}{section.5.1}%
 \defcounter {refsection}{0}\relax 
-\contentsline {chapter}{\numberline {6}Related work}{72}{chapter.6}%
+\contentsline {section}{\numberline {5.2}Rootkit use cases}{72}{section.5.2}%
 \defcounter {refsection}{0}\relax 
-\contentsline {chapter}{Bibliography}{73}{chapter.6}%
+\contentsline {chapter}{\numberline {6}Related work}{73}{chapter.6}%
+\defcounter {refsection}{0}\relax 
+\contentsline {chapter}{Bibliography}{74}{chapter.6}%
 \contentsfinish 
--- a/docs/images/rootkit.jpg
+++ b/docs/images/rootkit.jpg
--- a/docs/pdfa.xmpi
+++ b/docs/pdfa.xmpi
@@ -73,15 +73,15 @@
  </rdf:Description> 
  <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/"> 
   <xmp:CreatorTool>LaTeX with hyperref</xmp:CreatorTool> 
-   <xmp:ModifyDate>2022-06-11T16:30:44-04:00</xmp:ModifyDate> 
-   <xmp:CreateDate>2022-06-11T16:30:44-04:00</xmp:CreateDate> 
-   <xmp:MetadataDate>2022-06-11T16:30:44-04:00</xmp:MetadataDate> 
+   <xmp:ModifyDate>2022-06-11T22:19:38-04:00</xmp:ModifyDate> 
+   <xmp:CreateDate>2022-06-11T22:19:38-04:00</xmp:CreateDate> 
+   <xmp:MetadataDate>2022-06-11T22:19:38-04:00</xmp:MetadataDate> 
  </rdf:Description> 
  <rdf:Description rdf:about="" xmlns:xmpRights = "http://ns.adobe.com/xap/1.0/rights/"> 
  </rdf:Description> 
  <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/"> 
   <xmpMM:DocumentID>uuid:467B87E0-A1EA-A037-7CB7-0477245DEBC3</xmpMM:DocumentID> 
-   <xmpMM:InstanceID>uuid:A911227A-C454-1FF8-C50A-E41F8F5F8B00</xmpMM:InstanceID> 
+   <xmpMM:InstanceID>uuid:7F2D8D22-B1AD-408D-E1B3-D60EC0C03D95</xmpMM:InstanceID> 
  </rdf:Description> 
 </rdf:RDF> 
 </x:xmpmeta>