SlideShare a Scribd company logo

Rootkit on Linux X86 v2.6

F
fisher.w.y

This document describes techniques for creating rootkits on Linux x86 systems. It discusses obtaining the system call table, hooking system calls through various methods like direct modification of the table, inline hooking of system call code, and patching the system call handler. It also presents the idea of abusing debug registers to generate exceptions and intercept system calls. The goal is to conceal running processes, files, and other system data from detection.

Technology
1 of 61
Downloaded 140 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6
Rootkit on Linux X86 v2.6

More Related Content

KEY
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Vincenzo Iozzo
 
PDF
DConf 2016 std.database (a proposed interface & implementation)
cruisercoder
 
PDF
Flashback, el primer malware masivo de sistemas Mac
ESET Latinoamérica
 
PDF
Twitter codeigniter library
Navaneeswar Reddy
 
PDF
C++ game development with oxygine
corehard_by
 
PDF
Slaying the Dragon: Implementing a Programming Language in Ruby
Jason Yeo Jie Shun
 
PPTX
Down the rabbit hole, profiling in Django
Remco Wendt
 
PDF
Orasta500.c
albertinous
 
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Vincenzo Iozzo
 
DConf 2016 std.database (a proposed interface & implementation)
cruisercoder
 
Flashback, el primer malware masivo de sistemas Mac
ESET Latinoamérica
 
Twitter codeigniter library
Navaneeswar Reddy
 
C++ game development with oxygine
corehard_by
 
Slaying the Dragon: Implementing a Programming Language in Ruby
Jason Yeo Jie Shun
 
Down the rabbit hole, profiling in Django
Remco Wendt
 
Orasta500.c
albertinous
 

What's hot (17)

PDF
Stupid Awesome Python Tricks
Bryan Helmig
 
PDF
Embedded systemsproject_2020
Nikos Mouzakitis
 
PDF
Обзор фреймворка Twisted
Maxim Kulsha
 
PDF
PHP Static Code Review
Damien Seguy
 
PDF
Your code is not a string
Ingvar Stepanyan
 
PDF
ClojurianからみたElixir
Kent Ohashi
 
PDF
Rust ⇋ JavaScript
Ingvar Stepanyan
 
PDF
DEF CON 24 - Patrick Wardle - 99 problems little snitch
Felipe Prado
 
PDF
Html5 game, websocket e arduino
monksoftwareit
 
PDF
Oxygine 2 d objects,events,debug and resources
corehard_by
 
PDF
OpenCL 3.0 Reference Guide
The Khronos Group Inc.
 
PDF
Html5 game, websocket e arduino
Giuseppe Modarelli
 
PDF
Moony li pacsec-1.8
PacSecJP
 
PDF
AST Rewriting Using recast and esprima
Stephen Vance
 
PDF
3
Marat Vyshegorodtsev
 
PPT
Esprima - What is that
Abhijeet Pawar
 
PDF
JavaScript and the AST
Jarrod Overson
 
Stupid Awesome Python Tricks
Bryan Helmig
 
Embedded systemsproject_2020
Nikos Mouzakitis
 
Обзор фреймворка Twisted
Maxim Kulsha
 
PHP Static Code Review
Damien Seguy
 
Your code is not a string
Ingvar Stepanyan
 
ClojurianからみたElixir
Kent Ohashi
 
Rust ⇋ JavaScript
Ingvar Stepanyan
 
DEF CON 24 - Patrick Wardle - 99 problems little snitch
Felipe Prado
 
Html5 game, websocket e arduino
monksoftwareit
 
Oxygine 2 d objects,events,debug and resources
corehard_by
 
OpenCL 3.0 Reference Guide
The Khronos Group Inc.
 
Html5 game, websocket e arduino
Giuseppe Modarelli
 
Moony li pacsec-1.8
PacSecJP
 
AST Rewriting Using recast and esprima
Stephen Vance
 
3
Marat Vyshegorodtsev
 
Esprima - What is that
Abhijeet Pawar
 
JavaScript and the AST
Jarrod Overson
 
Ad

Viewers also liked (20)

PDF
Linux kernel-rootkit-dev - Wonokaerun
idsecconf
 
PPTX
A particle filter based scheme for indoor tracking on an Android Smartphone
Divye Kapoor
 
PPTX
Cybermania Prelims
Divye Kapoor
 
PPTX
OMFW 2012: Analyzing Linux Kernel Rootkits with Volatlity
Andrew Case
 
PDF
Rootkit 102 - Kernel-Based Rootkit
Chia-Hao Tsai
 
PDF
Kernel Recipes 2015: The stable Linux Kernel Tree - 10 years of insanity
Anne Nicolas
 
PPTX
Cybermania Mains
Divye Kapoor
 
PDF
Linux performance
Will Sterling
 
ODP
Linux Internals - Kernel/Core
Shay Cohen
 
PDF
The TCP/IP stack in the FreeBSD kernel COSCUP 2014
Kevin Lo
 
PDF
LAS16-403 - GDB Linux Kernel Awareness
Peter Griffin
 
PDF
The Linux Kernel Implementation of Pipes and FIFOs
Divye Kapoor
 
PDF
Linux Kernel Exploitation
Scio Security
 
PDF
Part 04 Creating a System Call in Linux
Tushar B Kute
 
PPT
Rootkit
Alex Avila
 
PPTX
Applying Memory Forensics to Rootkit Detection
Igor Korkin
 
PPTX
了解网络
Feng Yu
 
PPT
Debugging Applications with GNU Debugger
Priyank Kapadia
 
PPTX
了解Cpu
Feng Yu
 
PDF
Research Paper on Rootkit.
Anuj Khandelwal
 
Linux kernel-rootkit-dev - Wonokaerun
idsecconf
 
A particle filter based scheme for indoor tracking on an Android Smartphone
Divye Kapoor
 
Cybermania Prelims
Divye Kapoor
 
OMFW 2012: Analyzing Linux Kernel Rootkits with Volatlity
Andrew Case
 
Rootkit 102 - Kernel-Based Rootkit
Chia-Hao Tsai
 
Kernel Recipes 2015: The stable Linux Kernel Tree - 10 years of insanity
Anne Nicolas
 
Cybermania Mains
Divye Kapoor
 
Linux performance
Will Sterling
 
Linux Internals - Kernel/Core
Shay Cohen
 
The TCP/IP stack in the FreeBSD kernel COSCUP 2014
Kevin Lo
 
LAS16-403 - GDB Linux Kernel Awareness
Peter Griffin
 
The Linux Kernel Implementation of Pipes and FIFOs
Divye Kapoor
 
Linux Kernel Exploitation
Scio Security
 
Part 04 Creating a System Call in Linux
Tushar B Kute
 
Rootkit
Alex Avila
 
Applying Memory Forensics to Rootkit Detection
Igor Korkin
 
了解网络
Feng Yu
 
Debugging Applications with GNU Debugger
Priyank Kapadia
 
了解Cpu
Feng Yu
 
Research Paper on Rootkit.
Anuj Khandelwal
 
Ad

Similar to Rootkit on Linux X86 v2.6 (20)

PDF
Rootkit on linux_x86_v2.6
scuhurricane
 
PDF
ExperiencesSharingOnEmbeddedSystemDevelopment_20160321
Teddy Hsiung
 
PDF
Shellcoding in linux
Ajin Abraham
 
PDF
Windbg랑 친해지기
Ji Hun Kim
 
PDF
What Have Syscalls Done for you Lately?
Docker, Inc.
 
PDF
That Goes Without Alpha-Num (or Does It ?) all your base10 are belong to us
takesako
 
PPTX
Static analysis of C++ source code
Andrey Karpov
 
PPTX
Static analysis of C++ source code
PVS-Studio
 
PDF
LSFMM 2019 BPF Observability
Brendan Gregg
 
PPTX
Linux kernel debugging
JungMinSEO5
 
PPTX
Getting started cpp full
Võ Hòa
 
PDF
Arduino coding class part ii
Jonah Marrs
 
PDF
40d5984d819aaa72e55aa10376b73bde_MIT6_087IAP10_lec12.pdf
SagarYadav642223
 
PPTX
Add an interactive command line to your C++ application
Daniele Pallastrelli
 
PPTX
Unix-module4.Unit 2 Virtualization Part I.pptx
ssuser8594b8
 
PPT
Writing Metasploit Plugins
amiable_indian
 
PDF
Poker, packets, pipes and Python
Roger Barnes
 
PDF
Rust LDN 24 7 19 Oxidising the Command Line
Matt Provost
 
DOCX
Assignment no39
Jay Patel
 
PPTX
C Programming Training in Ambala ! Batra Computer Centre
jatin batra
 
Rootkit on linux_x86_v2.6
scuhurricane
 
ExperiencesSharingOnEmbeddedSystemDevelopment_20160321
Teddy Hsiung
 
Shellcoding in linux
Ajin Abraham
 
Windbg랑 친해지기
Ji Hun Kim
 
What Have Syscalls Done for you Lately?
Docker, Inc.
 
That Goes Without Alpha-Num (or Does It ?) all your base10 are belong to us
takesako
 
Static analysis of C++ source code
Andrey Karpov
 
Static analysis of C++ source code
PVS-Studio
 
LSFMM 2019 BPF Observability
Brendan Gregg
 
Linux kernel debugging
JungMinSEO5
 
Getting started cpp full
Võ Hòa
 
Arduino coding class part ii
Jonah Marrs
 
40d5984d819aaa72e55aa10376b73bde_MIT6_087IAP10_lec12.pdf
SagarYadav642223
 
Add an interactive command line to your C++ application
Daniele Pallastrelli
 
Unix-module4.Unit 2 Virtualization Part I.pptx
ssuser8594b8
 
Writing Metasploit Plugins
amiable_indian
 
Poker, packets, pipes and Python
Roger Barnes
 
Rust LDN 24 7 19 Oxidising the Command Line
Matt Provost
 
Assignment no39
Jay Patel
 
C Programming Training in Ambala ! Batra Computer Centre
jatin batra
 

Recently uploaded (20)

PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Approach and Philosophy of On baking technology
30anthuong17
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Cloud computing and distributed systems.
kkkkkhan
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
KodekX | Application Modernization Development
KodekX
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean