h3xduck
|
4a292f0f7a
|
Merged master and develop, now all changes together. Fully tested and working.
|
2022-05-15 20:46:35 -04:00 |
|
h3xduck
|
ce3b267d01
|
Fixed phantom shell, added ips for all types of backdoor triggers so that we can use different interfaces
|
2022-05-15 16:45:47 -04:00 |
|
h3xduck
|
567d8d706c
|
Further completed the phantom shell routine and added more checks in TC, still not finished, payload rewriting remains, but the rest is fully ready
|
2022-05-10 23:04:19 -04:00 |
|
h3xduck
|
f2c3624e8b
|
Added test on tc clasiffier, added pinned maps, and obtaining the fd from other maps in order to synchronize between programs
|
2022-05-10 19:09:52 -04:00 |
|
h3xduck
|
0553ad777f
|
Completed message passing of commands to userspace via ebpf ringbuffer
|
2022-05-05 13:22:47 -04:00 |
|
h3xduck
|
e881502ffa
|
Now control flow is redirected back to the syscall after running the shared library constructor instead of skipping it
|
2022-04-09 14:17:09 -04:00 |
|
h3xduck
|
3438f5846f
|
Finished injection module at userspace using /proc/<pid>/maps, enables to overwrite the GOT section with RELRO activated
|
2022-04-07 07:11:28 -04:00 |
|
h3xduck
|
106f141c7e
|
Added new kprobe to the filesystem ebpf section. Now receiving read events, and storing them in a map for later use, along with a reference to the user-space memory buffer
|
2022-01-14 21:18:51 -05:00 |
|
h3xduck
|
193d9ec28f
|
Fixed the whole header setup, now correctly using the kernel headers instead of normal development ones. Ready to go on with original plan of file system hooking
|
2022-01-06 13:31:52 -05:00 |
|
h3xduck
|
d9a70f866c
|
Modularized the ebpf program loading and attaching.
|
2021-12-30 21:09:26 -05:00 |
|
h3xduck
|
19a11da18f
|
Modularized the communication buffers
|
2021-12-30 12:48:45 -05:00 |
|