h3xduck
|
671e2d671d
|
Added extraction of original jump instruction and opcodes
|
2022-03-15 18:36:59 -04:00 |
|
h3xduck
|
0c88d5baa9
|
Successfully added uprobes calculation and hooking at arbitrary function of execve_hijack.
|
2022-03-03 05:53:51 -05:00 |
|
h3xduck
|
044c85f3ff
|
Initial version of the RCE scheme- Added complete execve hook, helper and modifying capabilities for the filename called. Works still needs to be done
|
2022-02-06 14:15:57 -05:00 |
|
h3xduck
|
643783004a
|
Added new hooks and updated map fields to support new sudo module.
|
2022-02-05 13:49:20 -05:00 |
|
h3xduck
|
2b50d376a6
|
Updated function and configurator manager names to the used hook.
|
2022-01-26 13:04:23 -05:00 |
|
h3xduck
|
945e2f2def
|
Added new probe to read the previously extracted params and overwrite user memory. Still now fully working, just a backup
|
2022-01-14 22:05:08 -05:00 |
|
h3xduck
|
4882ce790c
|
[BUILD FAILING] Checkpoint for backup, added new hook for file system, tweaked makefile for real kernel header files inclusion, still not working. Commiting for periodic backup
|
2022-01-05 20:34:53 -05:00 |
|
h3xduck
|
f8774ac9cf
|
[BUILD IS FAILING] Added file system hooks and other improvements. Uploading because of needing to backup
|
2022-01-04 20:09:59 -05:00 |
|
h3xduck
|
74873dbca5
|
Completed configuration module which enables to change the running ebpf modules in the rootkit at runtime. Minor changes and updated code structure
|
2022-01-04 13:26:13 -05:00 |
|
h3xduck
|
0863566292
|
Included a global config struct for controlling which hooks and functions of the rootkit should be active. Still work to be done in the bpf side
|
2021-12-31 09:54:47 -05:00 |
|