mirror of
https://github.com/h3xduck/TripleCross.git
synced 2025-12-17 07:33:07 +08:00
Delivered pdf
This commit is contained in:
h3xduck
@@ -133,7 +133,7 @@
|
|||||||
urldate={2022-05-22},
|
urldate={2022-05-22},
|
||||||
url={https://kernelnewbies.org/Linux_3.18}
|
url={https://kernelnewbies.org/Linux_3.18}
|
||||||
},
|
},
|
||||||
@online{ebpf_android,
|
@misc{ebpf_android,
|
||||||
title={eBPF for Windows},
|
title={eBPF for Windows},
|
||||||
urldate={2022-05-22},
|
urldate={2022-05-22},
|
||||||
url={https://source.android.com/devices/architecture/kernel/bpf}
|
url={https://source.android.com/devices/architecture/kernel/bpf}
|
||||||
@@ -447,19 +447,19 @@
|
|||||||
url={https://lwn.net/Articles/862021/}
|
url={https://lwn.net/Articles/862021/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{bcc_github,
|
@misc{bcc_github,
|
||||||
title={BPF Compiler Collection (BCC)},
|
title={BPF Compiler Collection (BCC)},
|
||||||
urldate={2022-06-01},
|
urldate={2022-06-01},
|
||||||
url={https://github.com/iovisor/bcc}
|
url={https://github.com/iovisor/bcc}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{libbpf_upstream,
|
@misc{libbpf_upstream,
|
||||||
title={BPF next kernel tree},
|
title={BPF next kernel tree},
|
||||||
urldate={2022-06-01},
|
urldate={2022-06-01},
|
||||||
url={https://kernel.googlesource.com/pub/scm/linux/kernel/git/bpf/bpf-next}
|
url={https://kernel.googlesource.com/pub/scm/linux/kernel/git/bpf/bpf-next}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{libbpf_github,
|
@misc{libbpf_github,
|
||||||
title={libbpf GitHub},
|
title={libbpf GitHub},
|
||||||
urldate={2022-06-01},
|
urldate={2022-06-01},
|
||||||
url={https://github.com/libbpf/libbpf}
|
url={https://github.com/libbpf/libbpf}
|
||||||
@@ -495,7 +495,7 @@
|
|||||||
pages={9}
|
pages={9}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{ebpf_caps_intro,
|
@misc{ebpf_caps_intro,
|
||||||
title={[PATCH v7 bpf-next 1/3] bpf, capability: Introduce CAP\_BPF},
|
title={[PATCH v7 bpf-next 1/3] bpf, capability: Introduce CAP\_BPF},
|
||||||
urldate={2022-06-02},
|
urldate={2022-06-02},
|
||||||
url={https://lore.kernel.org/bpf/20200513230355.7858-2-alexei.starovoitov@gmail.com/}
|
url={https://lore.kernel.org/bpf/20200513230355.7858-2-alexei.starovoitov@gmail.com/}
|
||||||
@@ -507,25 +507,25 @@
|
|||||||
url={https://lwn.net/Articles/797807/}
|
url={https://lwn.net/Articles/797807/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{unprivileged_ebpf,
|
@misc{unprivileged_ebpf,
|
||||||
title={Reconsidering unprivileged BPF},
|
title={Reconsidering unprivileged BPF},
|
||||||
urldate={2022-06-03},
|
urldate={2022-06-03},
|
||||||
url={https://lwn.net/Articles/796328/}
|
url={https://lwn.net/Articles/796328/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{cve_unpriv_ebpf,
|
@misc{cve_unpriv_ebpf,
|
||||||
title={CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability},
|
title={CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability},
|
||||||
urldate={2022-06-03},
|
urldate={2022-06-03},
|
||||||
url={https://www.openwall.com/lists/oss-security/2022/01/11/4}
|
url={https://www.openwall.com/lists/oss-security/2022/01/11/4}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{unpriv_ebpf_ubuntu,
|
@misc{unpriv_ebpf_ubuntu,
|
||||||
title={Unprivileged eBPF disabled by default for Ubuntu 20.04 LTS, 18.04 LTS, 16.04 ESM},
|
title={Unprivileged eBPF disabled by default for Ubuntu 20.04 LTS, 18.04 LTS, 16.04 ESM},
|
||||||
urldate={2022-06-03},
|
urldate={2022-06-03},
|
||||||
url={https://discourse.ubuntu.com/t/unprivileged-ebpf-disabled-by-default-for-ubuntu-20-04-lts-18-04-lts-16-04-esm/27047}
|
url={https://discourse.ubuntu.com/t/unprivileged-ebpf-disabled-by-default-for-ubuntu-20-04-lts-18-04-lts-16-04-esm/27047}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{unpriv_ebpf_redhat,
|
@misc{unpriv_ebpf_redhat,
|
||||||
title={CVE-2022-0002},
|
title={CVE-2022-0002},
|
||||||
urldate={2022-06-03},
|
urldate={2022-06-03},
|
||||||
url={https://access.redhat.com/security/cve/cve-2021-4001}
|
url={https://access.redhat.com/security/cve/cve-2021-4001}
|
||||||
@@ -557,19 +557,19 @@ AMD64 Architecture Processor Supplement},
|
|||||||
pages={15}
|
pages={15}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{ebpf_override_return,
|
@misc{ebpf_override_return,
|
||||||
title={BPF-based error injection for the kernel},
|
title={BPF-based error injection for the kernel},
|
||||||
urldate={2022-06-06},
|
urldate={2022-06-06},
|
||||||
url={https://lwn.net/Articles/740146/}
|
url={https://lwn.net/Articles/740146/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{code_kernel_open,
|
@misc{code_kernel_open,
|
||||||
title={Linux kernel source code},
|
title={Linux kernel source code},
|
||||||
urldate={2022-06-06},
|
urldate={2022-06-06},
|
||||||
url={https://elixir.bootlin.com/linux/v5.11/source/fs/open.c#L1192}
|
url={https://elixir.bootlin.com/linux/v5.11/source/fs/open.c#L1192}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{code_kernel_syscall,
|
@misc{code_kernel_syscall,
|
||||||
title={Linux kernel source code},
|
title={Linux kernel source code},
|
||||||
urldate={2022-06-06},
|
urldate={2022-06-06},
|
||||||
url={https://elixir.bootlin.com/linux/v5.11/source/include/linux/syscalls.h#L233}
|
url={https://elixir.bootlin.com/linux/v5.11/source/include/linux/syscalls.h#L233}
|
||||||
@@ -619,13 +619,13 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url={https://raw.githubusercontent.com/wiki/hjl-tools/x86-psABI/x86-64-psABI-1.0.pdf}
|
url={https://raw.githubusercontent.com/wiki/hjl-tools/x86-psABI/x86-64-psABI-1.0.pdf}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{write_helper_non_fault,
|
@misc{write_helper_non_fault,
|
||||||
title={probe\_write\_common\_error},
|
title={probe\_write\_common\_error},
|
||||||
urldate={2022-06-06},
|
urldate={2022-06-06},
|
||||||
url={https://www.spinics.net/lists/bpf/msg16795.html}
|
url={https://www.spinics.net/lists/bpf/msg16795.html}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{code_vfs_read,
|
@misc{code_vfs_read,
|
||||||
title={Linux kernel source code},
|
title={Linux kernel source code},
|
||||||
urldate={2022-06-07},
|
urldate={2022-06-07},
|
||||||
url={https://elixir.bootlin.com/linux/v5.11/source/fs/read_write.c#L476}
|
url={https://elixir.bootlin.com/linux/v5.11/source/fs/read_write.c#L476}
|
||||||
@@ -657,7 +657,7 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url={https://www.ibm.com/docs/en/aix/7.2?topic=protocols-transmission-control-protocol}
|
url={https://www.ibm.com/docs/en/aix/7.2?topic=protocols-transmission-control-protocol}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{tcp_handshake,
|
@misc{tcp_handshake,
|
||||||
title={Three-Way Handshake},
|
title={Three-Way Handshake},
|
||||||
urldate={2022-06-08},
|
urldate={2022-06-08},
|
||||||
url={https://www.sciencedirect.com/topics/computer-science/three-way-handshake}
|
url={https://www.sciencedirect.com/topics/computer-science/three-way-handshake}
|
||||||
@@ -683,13 +683,13 @@ AMD64 Architecture Processor Supplement},
|
|||||||
pages={37}
|
pages={37}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{rop_prog_finder,
|
@misc{rop_prog_finder,
|
||||||
title={ROPgadget Tool},
|
title={ROPgadget Tool},
|
||||||
urldate={2022-06-08},
|
urldate={2022-06-08},
|
||||||
url={https://github.com/JonathanSalwan/ROPgadget}
|
url={https://github.com/JonathanSalwan/ROPgadget}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{glibc,
|
@misc{glibc,
|
||||||
title={The GNU C library},
|
title={The GNU C library},
|
||||||
urldate={2022-06-08},
|
urldate={2022-06-08},
|
||||||
url={https://www.gnu.org/software/libc/}
|
url={https://www.gnu.org/software/libc/}
|
||||||
@@ -717,13 +717,13 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url={https://wiki.osdev.org/ELF}
|
url={https://wiki.osdev.org/ELF}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{pie_exploit,
|
@misc{pie_exploit,
|
||||||
title={Position Independent Code},
|
title={Position Independent Code},
|
||||||
urldate={2022-06-08},
|
urldate={2022-06-08},
|
||||||
url={https://ir0nstone.gitbook.io/notes/types/stack/pie}
|
url={https://ir0nstone.gitbook.io/notes/types/stack/pie}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{aslr_pie_intro,
|
@misc{aslr_pie_intro,
|
||||||
title={aslr/pie intro},
|
title={aslr/pie intro},
|
||||||
urldate={2022-06-08},
|
urldate={2022-06-08},
|
||||||
url={https://guyinatuxedo.github.io/5.1-mitigation_aslr_pie/index.html#aslrpie-intro}
|
url={https://guyinatuxedo.github.io/5.1-mitigation_aslr_pie/index.html#aslrpie-intro}
|
||||||
@@ -753,13 +753,13 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url={https://www.phoronix.com/scan.php?page=news_item&px=Intel-CET-v29}
|
url={https://www.phoronix.com/scan.php?page=news_item&px=Intel-CET-v29}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{canary_exploit,
|
@misc{canary_exploit,
|
||||||
title={Stack Canaries},
|
title={Stack Canaries},
|
||||||
urldate={2022-06-08},
|
urldate={2022-06-08},
|
||||||
url={https://ir0nstone.gitbook.io/notes/types/stack/canaries}
|
url={https://ir0nstone.gitbook.io/notes/types/stack/canaries}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{rawtcp_lib,
|
@misc{rawtcp_lib,
|
||||||
title={RawTCP\_Lib},
|
title={RawTCP\_Lib},
|
||||||
author={Marcos Sánchez Bajo},
|
author={Marcos Sánchez Bajo},
|
||||||
urldate={2022-06-10},
|
urldate={2022-06-10},
|
||||||
@@ -772,7 +772,7 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url={https://man7.org/linux/man-pages/man5/proc.5.html}
|
url={https://man7.org/linux/man-pages/man5/proc.5.html}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{proc_mem_write,
|
@misc{proc_mem_write,
|
||||||
title={enable writing to /proc/pid/mem},
|
title={enable writing to /proc/pid/mem},
|
||||||
urldate={2022-06-12},
|
urldate={2022-06-12},
|
||||||
url={https://lwn.net/Articles/433326/}
|
url={https://lwn.net/Articles/433326/}
|
||||||
@@ -784,13 +784,13 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url={https://www.imperva.com/learn/application-security/reverse-shell/}
|
url={https://www.imperva.com/learn/application-security/reverse-shell/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{sudoers_man,
|
@misc{sudoers_man,
|
||||||
title={die.net sudoers(5) - Linux man page},
|
title={die.net sudoers(5) - Linux man page},
|
||||||
urldate={2022-06-13},
|
urldate={2022-06-13},
|
||||||
url={https://linux.die.net/man/5/sudoers}
|
url={https://linux.die.net/man/5/sudoers}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{syscall_reference,
|
@misc{syscall_reference,
|
||||||
title={Linux Syscall Reference (64bit)},
|
title={Linux Syscall Reference (64bit)},
|
||||||
urldate={2022-06-13},
|
urldate={2022-06-13},
|
||||||
url={https://syscalls64.paolostivanin.com/}
|
url={https://syscalls64.paolostivanin.com/}
|
||||||
@@ -808,7 +808,7 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url={https://linuxize.com/post/how-to-set-and-list-environment-variables-in-linux/}
|
url={https://linuxize.com/post/how-to-set-and-list-environment-variables-in-linux/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{execve_man,
|
@misc{execve_man,
|
||||||
title={execve(2) — Linux manual page},
|
title={execve(2) — Linux manual page},
|
||||||
urldate={2022-06-13},
|
urldate={2022-06-13},
|
||||||
url={https://man7.org/linux/man-pages/man2/execve.2.html}
|
url={https://man7.org/linux/man-pages/man2/execve.2.html}
|
||||||
@@ -821,26 +821,26 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url={https://lists.linuxfoundation.org/pipermail/iovisor-dev/2017-September/001035.html}
|
url={https://lists.linuxfoundation.org/pipermail/iovisor-dev/2017-September/001035.html}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{c_standard_main,
|
@misc{c_standard_main,
|
||||||
title={Main function},
|
title={Main function},
|
||||||
urldate={2022-06-15},
|
urldate={2022-06-15},
|
||||||
url={https://en.cppreference.com/w/c/language/main_function}
|
url={https://en.cppreference.com/w/c/language/main_function}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{busybox_argv,
|
@misc{busybox_argv,
|
||||||
title={BusyBox Examples},
|
title={BusyBox Examples},
|
||||||
urldate={2022-06-15},
|
urldate={2022-06-15},
|
||||||
url={https://en.wikipedia.org/wiki/BusyBox#Examples}
|
url={https://en.wikipedia.org/wiki/BusyBox#Examples}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{ips,
|
@misc{ips,
|
||||||
title={What is an intrusion prevention system?},
|
title={What is an intrusion prevention system?},
|
||||||
organization={VMware},
|
organization={VMware},
|
||||||
urldate={2022-06-16},
|
urldate={2022-06-16},
|
||||||
url={https://www.vmware.com/topics/glossary/content/intrusion-prevention-system.html}
|
url={https://www.vmware.com/topics/glossary/content/intrusion-prevention-system.html}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{port_knocking,
|
@misc{port_knocking,
|
||||||
title={Port Knocking -- Network Authentication Across Closed Ports},
|
title={Port Knocking -- Network Authentication Across Closed Ports},
|
||||||
author={Martin Krzywinski},
|
author={Martin Krzywinski},
|
||||||
urldate={2022-06-16},
|
urldate={2022-06-16},
|
||||||
@@ -856,13 +856,13 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url = {https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf}
|
url = {https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{pangu_lab,
|
@misc{pangu_lab,
|
||||||
title={Welcome to Pangu Research Lab},
|
title={Welcome to Pangu Research Lab},
|
||||||
urldate={2022-06-16},
|
urldate={2022-06-16},
|
||||||
url={https://pangukaitian.github.io/pangu/?lg=en}
|
url={https://pangukaitian.github.io/pangu/?lg=en}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{rfc_tcp4,
|
@misc{rfc_tcp4,
|
||||||
title={TFC 793},
|
title={TFC 793},
|
||||||
institution={Information Sciences Institute, University of Southern California},
|
institution={Information Sciences Institute, University of Southern California},
|
||||||
date={1981-09-01},
|
date={1981-09-01},
|
||||||
@@ -870,7 +870,7 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url={https://datatracker.ietf.org/doc/html/rfc793}
|
url={https://datatracker.ietf.org/doc/html/rfc793}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{tcp_syn_payload,
|
@misc{tcp_syn_payload,
|
||||||
title={TCP Fast Open: expediting web services},
|
title={TCP Fast Open: expediting web services},
|
||||||
date={2012-08-01},
|
date={2012-08-01},
|
||||||
urldate={2022-06-16},
|
urldate={2022-06-16},
|
||||||
@@ -887,33 +887,33 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url={https://books.google.es/books?id=-lvwaqFbIS8C&dq=syn+packet+firewall+ignore+payload}
|
url={https://books.google.es/books?id=-lvwaqFbIS8C&dq=syn+packet+firewall+ignore+payload}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{hive_implant,
|
@misc{hive_implant,
|
||||||
title={(U) Hive Engineering Development Guide},
|
title={(U) Hive Engineering Development Guide},
|
||||||
date = {2014-10-15},
|
date = {2014-10-15},
|
||||||
urldate={2022-06-17},
|
urldate={2022-06-17},
|
||||||
url={https://wikileaks.org/vault7/document/hive-DevelopersGuide/hive-DevelopersGuide.pdf}
|
url={https://wikileaks.org/vault7/document/hive-DevelopersGuide/hive-DevelopersGuide.pdf}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{crc,
|
@misc{crc,
|
||||||
title={Cyclic redundancy check},
|
title={Cyclic redundancy check},
|
||||||
organization={Wikipedia},
|
organization={Wikipedia},
|
||||||
urldate={2022-06-17},
|
urldate={2022-06-17},
|
||||||
url={https://en.wikipedia.org/wiki/Cyclic_redundancy_check}
|
url={https://en.wikipedia.org/wiki/Cyclic_redundancy_check}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{file_descriptors,
|
@misc{file_descriptors,
|
||||||
title={File Descriptor},
|
title={File Descriptor},
|
||||||
urldate={2022-06-17},
|
urldate={2022-06-17},
|
||||||
url={http://www.cse.cuhk.edu.hk/~ericlo/teaching/os/lab/11-FS/fd.html}
|
url={http://www.cse.cuhk.edu.hk/~ericlo/teaching/os/lab/11-FS/fd.html}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{raw_sockets,
|
@misc{raw_sockets,
|
||||||
title={raw(7) — Linux manual page},
|
title={raw(7) — Linux manual page},
|
||||||
urldate={2022-06-18},
|
urldate={2022-06-18},
|
||||||
urlhttps://man7.org/linux/man-pages/man7/raw.7.html={}
|
urlhttps://man7.org/linux/man-pages/man7/raw.7.html={}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{cron,
|
@misc{cron,
|
||||||
title={How To Add Jobs To cron Under Linux or UNIX},
|
title={How To Add Jobs To cron Under Linux or UNIX},
|
||||||
date={2022-06-02},
|
date={2022-06-02},
|
||||||
author={Vivek Gite},
|
author={Vivek Gite},
|
||||||
@@ -921,7 +921,7 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url={https://www.cyberciti.biz/faq/how-do-i-add-jobs-to-cron-under-linux-or-unix-oses/}
|
url={https://www.cyberciti.biz/faq/how-do-i-add-jobs-to-cron-under-linux-or-unix-oses/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{linux_daemons,
|
@misc{linux_daemons,
|
||||||
title={Linux Jargon Buster: What are Daemons in Linux?},
|
title={Linux Jargon Buster: What are Daemons in Linux?},
|
||||||
date={2021-06-05},
|
date={2021-06-05},
|
||||||
author={Bill Dyer},
|
author={Bill Dyer},
|
||||||
@@ -929,31 +929,31 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url={https://itsfoss.com/linux-daemons/}
|
url={https://itsfoss.com/linux-daemons/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{code_kernel_getdents64,
|
@misc{code_kernel_getdents64,
|
||||||
title={Linux kernel source code},
|
title={Linux kernel source code},
|
||||||
urldate={2022-06-19},
|
urldate={2022-06-19},
|
||||||
url={https://elixir.bootlin.com/linux/v5.11/source/fs/readdir.c#L351}
|
url={https://elixir.bootlin.com/linux/v5.11/source/fs/readdir.c#L351}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{getdents_man,
|
@misc{getdents_man,
|
||||||
title={getdents(2) — Linux manual page},
|
title={getdents(2) — Linux manual page},
|
||||||
urldate={2022-06-19},
|
urldate={2022-06-19},
|
||||||
url={https://man7.org/linux/man-pages/man2/getdents.2.html}
|
url={https://man7.org/linux/man-pages/man2/getdents.2.html}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{code_kernel_linux_dirent64,
|
@misc{code_kernel_linux_dirent64,
|
||||||
title={Linux kernel source code},
|
title={Linux kernel source code},
|
||||||
urldate={2022-06-19},
|
urldate={2022-06-19},
|
||||||
url={https://elixir.bootlin.com/linux/v5.11/source/include/linux/dirent.h#L5}
|
url={https://elixir.bootlin.com/linux/v5.11/source/include/linux/dirent.h#L5}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{code_kerel_getdents_buffer_alignation,
|
@misc{code_kerel_getdents_buffer_alignation,
|
||||||
title={Linux kernel source code},
|
title={Linux kernel source code},
|
||||||
urldate={2022-06-19},
|
urldate={2022-06-19},
|
||||||
url={https://elixir.bootlin.com/linux/v5.11/source/fs/readdir.c#L313}
|
url={https://elixir.bootlin.com/linux/v5.11/source/fs/readdir.c#L313}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{xcellerator_getdents,
|
@misc{xcellerator_getdents,
|
||||||
title={Linux Rootkits Part 6: Hiding Directories},
|
title={Linux Rootkits Part 6: Hiding Directories},
|
||||||
date={2020-09-19},
|
date={2020-09-19},
|
||||||
urldate={2022-06-19},
|
urldate={2022-06-19},
|
||||||
@@ -961,7 +961,7 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url={https://xcellerator.github.io/posts/linux_rootkits_06/}
|
url={https://xcellerator.github.io/posts/linux_rootkits_06/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{embracethered_getdents,
|
@misc{embracethered_getdents,
|
||||||
title={Offensive BPF: Understanding and using bpf\_probe\_write\_user},
|
title={Offensive BPF: Understanding and using bpf\_probe\_write\_user},
|
||||||
date={2021-10-20},
|
date={2021-10-20},
|
||||||
urldate={2022-06-19},
|
urldate={2022-06-19},
|
||||||
@@ -969,32 +969,32 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url={https://embracethered.com/blog/posts/2021/offensive-bpf-libbpf-bpf_probe_write_user/}
|
url={https://embracethered.com/blog/posts/2021/offensive-bpf-libbpf-bpf_probe_write_user/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{dtype_dirent,
|
@misc{dtype_dirent,
|
||||||
title={Format of a Directory Entry},
|
title={Format of a Directory Entry},
|
||||||
urldate={2022-06-19},
|
urldate={2022-06-19},
|
||||||
url={https://www.gnu.org/software/libc/manual/html_node/Directory-Entries.html}
|
url={https://www.gnu.org/software/libc/manual/html_node/Directory-Entries.html}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{virtualbox_page,
|
@misc{virtualbox_page,
|
||||||
title={VirtualBox},
|
title={VirtualBox},
|
||||||
urldate={2022-06-21},
|
urldate={2022-06-21},
|
||||||
url={https://www.virtualbox.org/}
|
url={https://www.virtualbox.org/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{bridged_networking,
|
@misc{bridged_networking,
|
||||||
title={Bridgeg Networking},
|
title={Bridgeg Networking},
|
||||||
urldate={2022-06-21},
|
urldate={2022-06-21},
|
||||||
url={https://docs.oracle.com/en/virtualization/virtualbox/6.0/user/network_bridged.html}
|
url={https://docs.oracle.com/en/virtualization/virtualbox/6.0/user/network_bridged.html}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{nat_comptia,
|
@misc{nat_comptia,
|
||||||
title={What Is NAT?},
|
title={What Is NAT?},
|
||||||
institution={CompTIA},
|
institution={CompTIA},
|
||||||
urldate={2022-06-21},
|
urldate={2022-06-21},
|
||||||
url={https://www.comptia.org/content/guides/what-is-network-address-translation}
|
url={https://www.comptia.org/content/guides/what-is-network-address-translation}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{kernel_modules_restrict,
|
@misc{kernel_modules_restrict,
|
||||||
title={Increasing Linux kernel integrity},
|
title={Increasing Linux kernel integrity},
|
||||||
author={Michael Boelen},
|
author={Michael Boelen},
|
||||||
date={2015-05-12},
|
date={2015-05-12},
|
||||||
@@ -1002,7 +1002,7 @@ AMD64 Architecture Processor Supplement},
|
|||||||
url={https://linux-audit.com/increase-kernel-integrity-with-disabled-linux-kernel-modules-loading/}
|
url={https://linux-audit.com/increase-kernel-integrity-with-disabled-linux-kernel-modules-loading/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{jynx2_infosecinstitute,
|
@misc{jynx2_infosecinstitute,
|
||||||
title={Blackhat Academy},
|
title={Blackhat Academy},
|
||||||
author={Blackhat Academy},
|
author={Blackhat Academy},
|
||||||
date={2012-03-15},
|
date={2012-03-15},
|
||||||
@@ -1037,75 +1037,75 @@ Userland Linux Rootkits},
|
|||||||
url={https://www.bsidesdub.ie/past/media/2022/darren_martyn_userland_linux_rootkits.pdf}
|
url={https://www.bsidesdub.ie/past/media/2022/darren_martyn_userland_linux_rootkits.pdf}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{jynx_github,
|
@misc{jynx_github,
|
||||||
title={Jynx-kit},
|
title={Jynx-kit},
|
||||||
author={BlackHatAcademy.org},
|
author={BlackHatAcademy.org},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://github.com/chokepoint/jynxkit}
|
url={https://github.com/chokepoint/jynxkit}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{jynx2_github,
|
@misc{jynx2_github,
|
||||||
title={Jynx-kit (2)},
|
title={Jynx-kit (2)},
|
||||||
author={BlackHatAcademy.org},
|
author={BlackHatAcademy.org},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://github.com/chokepoint/Jynx2}
|
url={https://github.com/chokepoint/Jynx2}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{azazel_github,
|
@misc{azazel_github,
|
||||||
title={Azazel},
|
title={Azazel},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://github.com/chokepoint/azazel}
|
url={https://github.com/chokepoint/azazel}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{azazel_wiki,
|
@misc{azazel_wiki,
|
||||||
title={Azazel},
|
title={Azazel},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://web.archive.org/web/20141102234744/http://blackhatlibrary.net/Azazel#Hooking_Methods}
|
url={https://web.archive.org/web/20141102234744/http://blackhatlibrary.net/Azazel#Hooking_Methods}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{ld_preload_detect,
|
@misc{ld_preload_detect,
|
||||||
title={Linux Attack Techniques: Dynamic Linker Hijacking with LD Preload},
|
title={Linux Attack Techniques: Dynamic Linker Hijacking with LD Preload},
|
||||||
date={2022-05-18},
|
date={2022-05-18},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://www.cadosecurity.com/linux-attack-techniques-dynamic-linker-hijacking-with-ld-preload/}
|
url={https://www.cadosecurity.com/linux-attack-techniques-dynamic-linker-hijacking-with-ld-preload/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{suckit_rootkit,
|
@misc{suckit_rootkit,
|
||||||
title={SucKIT rootkit},
|
title={SucKIT rootkit},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://github.com/CSLDepend/exploits/blob/master/Rootkit_tools/suckit2priv.tar.gz}
|
url={https://github.com/CSLDepend/exploits/blob/master/Rootkit_tools/suckit2priv.tar.gz}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{suckit_lasamhna,
|
@misc{suckit_lasamhna,
|
||||||
title={Linux Kernel Rootkits},
|
title={Linux Kernel Rootkits},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://www.la-samhna.de/library/rootkits/basics.html#FLOW}
|
url={https://www.la-samhna.de/library/rootkits/basics.html#FLOW}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{dev_kmem,
|
@misc{dev_kmem,
|
||||||
title={kmem(4) - Linux man page},
|
title={kmem(4) - Linux man page},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://linux.die.net/man/4/kmem}
|
url={https://linux.die.net/man/4/kmem}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{dev_kmem_debian,
|
@misc{dev_kmem_debian,
|
||||||
title={mem(4)},
|
title={mem(4)},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://manpages.debian.org/buster-backports/manpages/port.4.en.html}
|
url={https://manpages.debian.org/buster-backports/manpages/port.4.en.html}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{dev_kmem_off_default,
|
@misc{dev_kmem_off_default,
|
||||||
title={Change CONFIG\_DEVKMEM default value to n},
|
title={Change CONFIG\_DEVKMEM default value to n},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://lore.kernel.org/all/20161007035719.GB17183@kroah.com/T/}
|
url={https://lore.kernel.org/all/20161007035719.GB17183@kroah.com/T/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{diamorphine_github,
|
@misc{diamorphine_github,
|
||||||
title={Diamorphine},
|
title={Diamorphine},
|
||||||
url={https://github.com/m0nad/Diamorphine}
|
url={https://github.com/m0nad/Diamorphine}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{incibe_rootkit_lkm,
|
@misc{incibe_rootkit_lkm,
|
||||||
title={Malware in Linux: Kernel-mode-rootkits},
|
title={Malware in Linux: Kernel-mode-rootkits},
|
||||||
author={Antonio López},
|
author={Antonio López},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
@@ -1113,19 +1113,19 @@ Userland Linux Rootkits},
|
|||||||
url={https://www.incibe-cert.es/en/blog/kernel-rootkits-en}
|
url={https://www.incibe-cert.es/en/blog/kernel-rootkits-en}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{reptile_github,
|
@misc{reptile_github,
|
||||||
title={Reptile},
|
title={Reptile},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://github.com/f0rb1dd3n/Reptile}
|
url={https://github.com/f0rb1dd3n/Reptile}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{usermode_helper_lkm,
|
@misc{usermode_helper_lkm,
|
||||||
title={call\_usermodehelper, Module Loading},
|
title={call\_usermodehelper, Module Loading},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://www.kernel.org/doc/htmldocs/kernel-api/API-call-usermodehelper.html}
|
url={https://www.kernel.org/doc/htmldocs/kernel-api/API-call-usermodehelper.html}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{rasps,
|
@misc{rasps,
|
||||||
title={RASP rings in a new Java application security paradigm},
|
title={RASP rings in a new Java application security paradigm},
|
||||||
author={Hussein Badakhchani},
|
author={Hussein Badakhchani},
|
||||||
date={2016-10-20},
|
date={2016-10-20},
|
||||||
@@ -1133,20 +1133,20 @@ Userland Linux Rootkits},
|
|||||||
url={https://www.infoworld.com/article/3125515/rasp-rings-in-a-new-java-application-security-paradigm.html}
|
url={https://www.infoworld.com/article/3125515/rasp-rings-in-a-new-java-application-security-paradigm.html}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{sql_injection,
|
@misc{sql_injection,
|
||||||
title={SQL Injection},
|
title={SQL Injection},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://www.w3schools.com/sql/sql_injection.asp}
|
url={https://www.w3schools.com/sql/sql_injection.asp}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{boopkit,
|
@misc{boopkit,
|
||||||
title={Boopkit},
|
title={Boopkit},
|
||||||
author={Kris Nóva},
|
author={Kris Nóva},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://github.com/kris-nova/boopkit}
|
url={https://github.com/kris-nova/boopkit}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{symbiote,
|
@misc{symbiote,
|
||||||
title={Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat},
|
title={Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat},
|
||||||
institution={The BlackBerry Research & Intelligence Team},
|
institution={The BlackBerry Research & Intelligence Team},
|
||||||
date={2022-06-09},
|
date={2022-06-09},
|
||||||
@@ -1154,7 +1154,7 @@ Userland Linux Rootkits},
|
|||||||
url={https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat}
|
url={https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{pentest_redteam,
|
@misc{pentest_redteam,
|
||||||
title={Penetration Test vs. Red Team Assessment: The Age Old Debate of Pirates vs. Ninjas Continues},
|
title={Penetration Test vs. Red Team Assessment: The Age Old Debate of Pirates vs. Ninjas Continues},
|
||||||
date={2016-06-23},
|
date={2016-06-23},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
@@ -1162,7 +1162,7 @@ Userland Linux Rootkits},
|
|||||||
url={https://www.rapid7.com/blog/post/2016/06/23/penetration-testing-vs-red-teaming-the-age-old-debate-of-pirates-vs-ninja-continues/}
|
url={https://www.rapid7.com/blog/post/2016/06/23/penetration-testing-vs-red-teaming-the-age-old-debate-of-pirates-vs-ninja-continues/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{nist_cyber,
|
@misc{nist_cyber,
|
||||||
title={Framework for Improving Critical Infrastructure Cybersecurity},
|
title={Framework for Improving Critical Infrastructure Cybersecurity},
|
||||||
date={2018-04-16},
|
date={2018-04-16},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
@@ -1170,7 +1170,7 @@ Userland Linux Rootkits},
|
|||||||
url={https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf}
|
url={https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{mitre_blog,
|
@misc{mitre_blog,
|
||||||
title={ATT\&CK 101},
|
title={ATT\&CK 101},
|
||||||
author={Blake Strom},
|
author={Blake Strom},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
@@ -1178,50 +1178,50 @@ Userland Linux Rootkits},
|
|||||||
url={https://medium.com/mitre-attack/att-ck-101-17074d3bc62}
|
url={https://medium.com/mitre-attack/att-ck-101-17074d3bc62}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{mitre_blog_2,
|
@misc{mitre_blog_2,
|
||||||
title={What Is the MITRE ATT\&CK Framework?},
|
title={What Is the MITRE ATT\&CK Framework?},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://www.trellix.com/en-us/security-awareness/cybersecurity/what-is-mitre-attack-framework.html}
|
url={https://www.trellix.com/en-us/security-awareness/cybersecurity/what-is-mitre-attack-framework.html}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{mitre_matrix_linux,
|
@misc{mitre_matrix_linux,
|
||||||
title={ATT\&CK Matrix for Enterprise},
|
title={ATT\&CK Matrix for Enterprise},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://attack.mitre.org/matrices/enterprise/linux/}
|
url={https://attack.mitre.org/matrices/enterprise/linux/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{glass_analyst,
|
@misc{glass_analyst,
|
||||||
title={Cyber Security Analist salary in Madrid},
|
title={Cyber Security Analist salary in Madrid},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://www.glassdoor.es/Sueldos/madrid-cyber-security-analyst-sueldo-SRCH_IL.0,6_IM1030_KO7,29.htm}
|
url={https://www.glassdoor.es/Sueldos/madrid-cyber-security-analyst-sueldo-SRCH_IL.0,6_IM1030_KO7,29.htm}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{glass_manager,
|
@misc{glass_manager,
|
||||||
title={Project Manager salary in Madrid},
|
title={Project Manager salary in Madrid},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://www.glassdoor.es/Sueldos/madrid-project-manager-sueldo-SRCH_IL.0,6_IM1030_KO7,22.htm?clickSource=searchBtn}
|
url={https://www.glassdoor.es/Sueldos/madrid-project-manager-sueldo-SRCH_IL.0,6_IM1030_KO7,22.htm?clickSource=searchBtn}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{glass_programmer,
|
@misc{glass_programmer,
|
||||||
title={Programmer salary in Madrid},
|
title={Programmer salary in Madrid},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://www.glassdoor.es/Sueldos/madrid-programmer-sueldo-SRCH_IL.0,6_IM1030_KO7,17.htm?clickSource=searchBtn}
|
url={https://www.glassdoor.es/Sueldos/madrid-programmer-sueldo-SRCH_IL.0,6_IM1030_KO7,17.htm?clickSource=searchBtn}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{ebpfkit_monitor_github,
|
@misc{ebpfkit_monitor_github,
|
||||||
title={ebpfkit-monitor},
|
title={ebpfkit-monitor},
|
||||||
author = {Guillaume Fournier, Sylvain Afchain},
|
author = {Guillaume Fournier, Sylvain Afchain},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://github.com/Gui774ume/ebpfkit-monitor}
|
url={https://github.com/Gui774ume/ebpfkit-monitor}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{lkm_signing,
|
@misc{lkm_signing,
|
||||||
title={Kernel module signing facility},
|
title={Kernel module signing facility},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html}
|
url={https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{bpf_signing,
|
@misc{bpf_signing,
|
||||||
title={Toward signed BPF programs},
|
title={Toward signed BPF programs},
|
||||||
author={Jonathan Corbet},
|
author={Jonathan Corbet},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
@@ -1229,32 +1229,32 @@ Userland Linux Rootkits},
|
|||||||
url={https://lwn.net/Articles/853489/}
|
url={https://lwn.net/Articles/853489/}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{arch_linux_sign,
|
@misc{arch_linux_sign,
|
||||||
title={Signed kernel modules},
|
title={Signed kernel modules},
|
||||||
urldate={2022-06-22},
|
urldate={2022-06-22},
|
||||||
url={https://wiki.archlinux.org/title/Signed_kernel_modules}
|
url={https://wiki.archlinux.org/title/Signed_kernel_modules}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{triplecross_github,
|
@misc{triplecross_github,
|
||||||
title={TripleCross},
|
title={TripleCross},
|
||||||
urldate={2022-06-23},
|
urldate={2022-06-23},
|
||||||
author={Marcos Sánchez Bajo},
|
author={Marcos Sánchez Bajo},
|
||||||
url={https://github.com/h3xduck/TripleCross}
|
url={https://github.com/h3xduck/TripleCross}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{repo_simple_timer,
|
@misc{repo_simple_timer,
|
||||||
title={simple\_timer.c},
|
title={simple\_timer.c},
|
||||||
urldate={2022-06-23},
|
urldate={2022-06-23},
|
||||||
url={https://github.com/h3xduck/TripleCross/blob/master/src/helpers/simple_timer.c}
|
url={https://github.com/h3xduck/TripleCross/blob/master/src/helpers/simple_timer.c}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{repo_execve_hijack,
|
@misc{repo_execve_hijack,
|
||||||
title={simple\_timer.c},
|
title={simple\_timer.c},
|
||||||
urldate={2022-06-23},
|
urldate={2022-06-23},
|
||||||
url={https://github.com/h3xduck/TripleCross/blob/master/src/helpers/execve_hijack.c}
|
url={https://github.com/h3xduck/TripleCross/blob/master/src/helpers/execve_hijack.c}
|
||||||
},
|
},
|
||||||
|
|
||||||
@online{downgrade_attack,
|
@misc{downgrade_attack,
|
||||||
title={What is a downgrade attack and how to prevent it},
|
title={What is a downgrade attack and how to prevent it},
|
||||||
author={Borislav Kiprin},
|
author={Borislav Kiprin},
|
||||||
date={2022-04-18},
|
date={2022-04-18},
|
||||||
|
|||||||
Binary file not shown.
Reference in New Issue
Block a user