%%INTRODUCTION
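@report{ransomware_paloalto,
  author      = {{Palo Alto Networks}},
  institution = {Palo Alto Networks},
  title       = {Ransomware Threat Report 2022},
  date        = {2022},
  url         = {https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/2022-unit42-ransomware-threat-report-final.pdf},
}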
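@report{ransomware_pwc,
  author      = {{PricewaterhouseCoopers}},
  institution = {PricewaterhouseCoopers},
  title       = {Cyber Threats 2021},
  subtitle    = {A Year in Retrospect},
  url         = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf},
}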
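@report{rootkit_ptsecurity,
  author      = {{Positive Technologies}},
  institution = {Positive Technologies},
  title       = {Rootkits},
  subtitle    = {Evolution and Detection Methods},
  date        = {2021-11-03},
  url         = {https://www.ptsecurity.com/ww-en/analytics/rootkits-evolution-and-detection-methods/},
}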
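@online{ebpf_linux318,
  title = {{eBPF} Incorporation in the {Linux} Kernel 3.18},
  date  = {2014-12-07},
  url   = {https://kernelnewbies.org/Linux_3.18},
}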
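@report{bvp47_report,
  author      = {{Pangu Lab}},
  institution = {Pangu Lab},
  title       = {Bvp47},
  subtitle    = {Top-Tier Backdoor of {US} {NSA} Equation Group},
  date        = {2022-02-23},
  url         = {https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf},
}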
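@comment{bpfdoor_pwc duplicates ransomware_pwc only to pin a page; prefer \cite[37]{ransomware_pwc} in the document and drop this entry.}
@report{bpfdoor_pwc,
  author      = {{PricewaterhouseCoopers}},
  institution = {PricewaterhouseCoopers},
  title       = {Cyber Threats 2021},
  subtitle    = {A Year in Retrospect},
  url         = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf},
  pages       = {37},
}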
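@online{ebpf_friends,
  author       = {Fournier, Guillaume and Afchain, Sylvain and Baubeau, Sylvain},
  title        = {{eBPF}, I Thought We Were Friends},
  eventtitle   = {DEF CON 29},
  organization = {Datadog},
  url          = {https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf},
}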
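@online{evil_ebpf,
  author       = {Dileo, Jeff},
  title        = {Evil {eBPF}},
  subtitle     = {Practical Abuses of an In-Kernel Bytecode Runtime},
  eventtitle   = {DEF CON 27},
  organization = {NCC Group},
  url          = {https://raw.githubusercontent.com/nccgroup/ebpf/master/talks/Evil_eBPF-DC27-v2.pdf},
}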
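@online{bad_ebpf,
  author     = {Hogan, Pat},
  title      = {Bad {BPF}},
  subtitle   = {Warping Reality Using {eBPF}},
  eventtitle = {DEF CON 27},
  url        = {https://www.youtube.com/watch?v=g6SKWT7sROQ},
}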
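@comment{ebpf_windows: the original title, date and url were copies of the ebpf_linux318 entry (kernelnewbies Linux 3.18 page); the title now matches the key, but the eBPF-for-Windows project url and date still have to be supplied.}
@online{ebpf_windows,
  title = {{eBPF} for {Windows}},
  url   = {URL-TO-BE-SUPPLIED},
}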
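@comment{ebpf_android: the original title was "eBPF for Windows", which belongs to ebpf_windows; the title below is derived from the url path and should be checked against the page heading.}
@online{ebpf_android,
  title        = {{Android} Kernel Architecture: {BPF}},
  organization = {Android Open Source Project},
  url          = {https://source.android.com/devices/architecture/kernel/bpf},
}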
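@report{bpf_bsd_origin,
  author      = {McCanne, Steven and Jacobson, Van},
  title       = {The {BSD} Packet Filter},
  subtitle    = {A New Architecture for User-level Packet Capture},
  institution = {Lawrence Berkeley Laboratory},
  date        = {1992-12-19},
  url         = {https://www.tcpdump.org/papers/bpf-usenix93.pdf},
}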
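@comment{bpf_bsd_origin_bpf_page1 duplicates bpf_bsd_origin only to pin a page; prefer \cite[1]{bpf_bsd_origin} in the document and drop this entry.}
@report{bpf_bsd_origin_bpf_page1,
  author      = {McCanne, Steven and Jacobson, Van},
  title       = {The {BSD} Packet Filter},
  subtitle    = {A New Architecture for User-level Packet Capture},
  institution = {Lawrence Berkeley Laboratory},
  date        = {1992-12-19},
  url         = {https://www.tcpdump.org/papers/bpf-usenix93.pdf},
  pages       = {1},
}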
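@comment{bpf_bsd_origin_bpf_page5 duplicates bpf_bsd_origin only to pin a page; prefer \cite[5]{bpf_bsd_origin} in the document and drop this entry.}
@report{bpf_bsd_origin_bpf_page5,
  author      = {McCanne, Steven and Jacobson, Van},
  title       = {The {BSD} Packet Filter},
  subtitle    = {A New Architecture for User-level Packet Capture},
  institution = {Lawrence Berkeley Laboratory},
  date        = {1992-12-19},
  url         = {https://www.tcpdump.org/papers/bpf-usenix93.pdf},
  pages       = {5},
}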
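@comment{bpf_bsd_origin_bpf_page7 duplicates bpf_bsd_origin only to pin a page; prefer \cite[7]{bpf_bsd_origin} in the document and drop this entry.}
@report{bpf_bsd_origin_bpf_page7,
  author      = {McCanne, Steven and Jacobson, Van},
  title       = {The {BSD} Packet Filter},
  subtitle    = {A New Architecture for User-level Packet Capture},
  institution = {Lawrence Berkeley Laboratory},
  date        = {1992-12-19},
  url         = {https://www.tcpdump.org/papers/bpf-usenix93.pdf},
  pages       = {7},
}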
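@comment{bpf_bsd_origin_bpf_page8 duplicates bpf_bsd_origin only to pin a page; prefer \cite[8]{bpf_bsd_origin} in the document and drop this entry.}
@report{bpf_bsd_origin_bpf_page8,
  author      = {McCanne, Steven and Jacobson, Van},
  title       = {The {BSD} Packet Filter},
  subtitle    = {A New Architecture for User-level Packet Capture},
  institution = {Lawrence Berkeley Laboratory},
  date        = {1992-12-19},
  url         = {https://www.tcpdump.org/papers/bpf-usenix93.pdf},
  pages       = {8},
}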
@comment{ebpf_history_opensource: the url path (/article/17/9/) suggests a September 2017 publication while date says 2017-08-11 -- verify the date against the article.}
@online{ebpf_history_opensource,
title={An intro to using eBPF to filter packets in the Linux kernel},
date={2017-08-11},
url={https://opensource.com/article/17/9/intro-ebpf}
},
@manual{ebpf_io,
  title = {eBPF Documentation},
  url   = {https://ebpf.io/what-is-ebpf/},
}
@manual{ebpf_io_arch,
  title = {eBPF Documentation: Loader and verification architecture},
  url   = {https://ebpf.io/what-is-ebpf/#loader--verification-architecture},
}
@manual{ebpf_io_verification,
  title = {eBPF Documentation: Verification},
  url   = {https://ebpf.io/what-is-ebpf/#verification},
}
@manual{index_register,
  title = {Index register},
  url   = {https://gunkies.org/wiki/Index_register},
}
@online{bpf_organicprogrammer_analysis,
  title = {Write a Linux packet sniffer from scratch: part two- BPF},
  url   = {https://organicprogrammer.com/2022/03/28/how-to-implement-libpcap-on-linux-with-raw-socket-part2/},
  date  = {2022-03-28},
}
@manual{tcpdump_page,
  title = {Tcpdump and Libpcap},
  url   = {https://www.tcpdump.org},
}
@manual{ebpf_funcs_by_ver,
  title        = {BPF features by Linux Kernel Version},
  url          = {https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md},
  organization = {iovisor},
}
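@book{brendan_gregg_bpf_book,
  author = {Gregg, Brendan},
  title  = {{BPF} Performance Tools},
  isbn   = {978-0-13-658887-0},
  url    = {https://www.oreilly.com/library/view/bpf-performance-tools/9780136588870/},
}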
@manual{ebpf_inst_set,
  title = {eBPF instruction set},
  url   = {https://www.kernel.org/doc/html/latest/bpf/instruction-set.html},
}
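@manual{8664_inst_set_specs,
  author  = {{Intel}},
  title   = {Intel® 64 and {IA-32} Architectures Software Developer’s Manual Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D, and 4},
  volume  = {2A},
  pages   = {507},
  url     = {https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sdm.html},
  urldate = {2022-05-13},
}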
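@online{ebpf_starovo_slides,
  author       = {Starovoitov, Alexei},
  title        = {{BPF} – in-kernel virtual machine},
  date         = {2015-02-20},
  organization = {PLUMgrid},
  url          = {http://vger.kernel.org/netconf2015Starovoitov-bpf_collabsummit_2015feb20.pdf},
}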
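@comment{ebpf_starovo_slides_page23 duplicates ebpf_starovo_slides only to pin a page; prefer \cite[23]{ebpf_starovo_slides} in the document and drop this entry.}
@online{ebpf_starovo_slides_page23,
  author       = {Starovoitov, Alexei},
  title        = {{BPF} – in-kernel virtual machine},
  date         = {2015-02-20},
  organization = {PLUMgrid},
  url          = {http://vger.kernel.org/netconf2015Starovoitov-bpf_collabsummit_2015feb20.pdf},
  pages        = {23},
}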
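@online{ebpf_JIT,
  author       = {Corbet, Jonathan},
  title        = {A {JIT} for packet filters},
  date         = {2011-04-12},
  organization = {LWN.net},
  url          = {https://lwn.net/Articles/437981/},
}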
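@comment{ebpf_JIT_demystify_page13, _page14 and _page17-22 are the same slide deck with different pages; prefer one entry and \cite[13]{...} postnotes in the document.}
@online{ebpf_JIT_demystify_page13,
  author       = {Wang, Jiong},
  title        = {Demystify {eBPF} {JIT} Compiler},
  date         = {2018-09-11},
  organization = {Netronome},
  url          = {https://www.netronome.com/media/documents/demystify-ebpf-jit-compiler.pdf},
  pages        = {13},
}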
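@online{ebpf_JIT_demystify_page14,
  author       = {Wang, Jiong},
  title        = {Demystify {eBPF} {JIT} Compiler},
  date         = {2018-09-11},
  organization = {Netronome},
  url          = {https://www.netronome.com/media/documents/demystify-ebpf-jit-compiler.pdf},
  pages        = {14},
}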
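@online{ebpf_JIT_demystify_page17-22,
  author       = {Wang, Jiong},
  title        = {Demystify {eBPF} {JIT} Compiler},
  date         = {2018-09-11},
  organization = {Netronome},
  url          = {https://www.netronome.com/media/documents/demystify-ebpf-jit-compiler.pdf},
  pages        = {17--22},
}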
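@comment{brendan_gregg_bpf_book_bpf_vm duplicates brendan_gregg_bpf_book with a text-fragment url into chapter 2; prefer \cite[Chap.~2]{brendan_gregg_bpf_book} in the document and drop this entry.}
@book{brendan_gregg_bpf_book_bpf_vm,
  author = {Gregg, Brendan},
  title  = {{BPF} Performance Tools},
  isbn   = {978-0-13-658887-0},
  url    = {https://learning.oreilly.com/library/view/bpf-performance-tools/9780136588870/ch02.xhtml#:-:text=With%20JIT%20compiled%20code%2C%20i,%20other%20native%20kernel%20code},
}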
@manual{jit_enable_setting,
  title = {bpf\_jit\_enable},
  url   = {https://sysctl-explorer.net/net/core/bpf_jit_enable/},
}
@manual{ebpf_verifier_kerneldocs,
  title = {eBPF verifier},
  url   = {https://kernel.org/doc/html/latest/bpf/verifier.html},
}
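@comment{ebpf_bounded_loops: the original date 2019-06-31 is not a valid calendar date (June has 30 days) and fails Biber datamodel validation; reduced to the year until the day is checked against the article.}
@online{ebpf_bounded_loops,
  author       = {Rybczynska, Marta},
  title        = {Bounded loops in {BPF} for the 5.3 kernel},
  date         = {2019},
  organization = {LWN.net},
  url          = {https://lwn.net/Articles/794934/},
}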
@manual{ebpf_maps_kernel,
  title = {eBPF maps},
  url   = {https://www.kernel.org/doc/html/latest/bpf/maps.html},
}
@manual{ebpf_maps_rddocs,
  title = {eBPF maps},
  url   = {https://prototype-kernel.readthedocs.io/en/latest/bpf/ebpf_maps.html},
}
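@manual{bpf_syscall,
  title      = {bpf(2)},
  titleaddon = {Linux manual page},
  url        = {https://man7.org/linux/man-pages/man2/bpf.2.html},
}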
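@manual{ebpf_helpers,
  title      = {bpf-helpers(7)},
  titleaddon = {Linux manual page},
  url        = {https://man7.org/linux/man-pages/man7/bpf-helpers.7.html},
}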
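@online{xdp_gentle_intro,
  author       = {Lavie, Daniel},
  title        = {A Gentle Introduction to {XDP}},
  date         = {2022-02-03},
  organization = {Seekret},
  url          = {https://www.seekret.io/blog/a-gentle-introduction-to-xdp/},
}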
@manual{xdp_manual,
  title = {XDP actions},
  url   = {https://prototype-kernel.readthedocs.io/en/latest/networking/XDP/implementation/xdp_actions.html},
}
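@online{tc_differences,
  author = {Liu, Hangbin},
  title  = {tc/{BPF} and {XDP}/{BPF}},
  date   = {2019-03-13},
  url    = {https://liuhangbin.netlify.app/post/ebpf-and-xdp/},
}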
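@online{tc_direct_action,
  author = {Monnet, Quentin},
  title  = {Understanding tc “direct action” mode for {BPF}},
  date   = {2020-04-11},
  url    = {https://qmonnet.github.io/whirl-offload/2020/04/11/tc-bpf-direct-action/},
}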
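@online{tc_docs_complete,
  author = {Brown, Martin A.},
  title  = {Traffic Control {HOWTO}},
  date   = {2006-10-01},
  url    = {http://linux-ip.net/articles/Traffic-Control-HOWTO/},
}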
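@online{tc_ret_list_complete,
  title      = {Linux kernel source tree},
  subtitle   = {include/uapi/linux/pkt\_cls.h},
  indextitle = {index : kernel/git/torvalds/linux.git},
  url        = {https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/pkt_cls.h},
}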
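@manual{tp_kernel,
  author = {Desnoyers, Mathieu},
  title  = {Using the {Linux} Kernel Tracepoints},
  url    = {https://www.kernel.org/doc/html/latest/trace/tracepoints.html},
}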
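@manual{kprobe_manual,
  author = {Keniston, Jim and Panchamukhi, Prasanna S. and Hiramatsu, Masami},
  title  = {Kernel Probes (Kprobes)},
  url    = {https://www.kernel.org/doc/html/latest/trace/kprobes.html},
}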
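@online{kallsyms_kernel,
  author       = {Alcock, Nick},
  title        = {kallsyms: new /proc/kallmodsyms with builtin modules and symbol sizes},
  date         = {2021-06-06},
  organization = {LWN.net},
  url          = {https://lwn.net/Articles/862021/},
}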
@online{bcc_github,
  title = {BPF Compiler Collection (BCC)},
  url   = {https://github.com/iovisor/bcc},
}
@online{libbpf_upstream,
  title = {BPF next kernel tree},
  url   = {https://kernel.googlesource.com/pub/scm/linux/kernel/git/bpf/bpf-next},
}
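@online{libbpf_github,
  title = {libbpf {GitHub}},
  url   = {https://github.com/libbpf/libbpf},
}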
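@online{libbpf_core,
  author = {Nakryiko, Andrii},
  title  = {{BPF} Portability and {CO-RE}},
  date   = {2020-02-19},
  url    = {https://facebookmicrosites.github.io/bpf/blog/2020/02/19/bpf-portability-and-co-re.html},
}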