Easy translator coding rootkit
1/6/2024

ARTiS is a real-time extension of GNU/Linux for symmetric multiprocessor (SMP) architectures. ARTiS exploits the SMP nature of the hardware to guarantee that a processor can be preempted whenever the system has to schedule a real-time task. The principle of ARTiS is to designate a set of processors dedicated to real-time work. Automatic migration of non-preemptible activities away from those processors provides a latency guarantee on the real-time processors. In addition, a dedicated load-balancing strategy lets ARTiS use the full power of an SMP machine: the real-time reservations, although guaranteed, are not exclusive and do not leave resources under-used. Simulations of ARTiS's behaviour have confirmed the viability of the proposed model.

The following is the publisher's description of Joseph Kong's Designing BSD Rootkits (No Starch Press):

Though rootkits have a fairly negative image, they can be used for both good and evil. Designing BSD Rootkits arms you with the knowledge you need to write offensive rootkits, to defend against malicious ones, and to explore the FreeBSD kernel and operating system in the process. Organized as a tutorial, Designing BSD Rootkits will teach you the fundamentals of programming and developing rootkits under the FreeBSD operating system. Author Joseph Kong's goal is to make you smarter, not to teach you how to write exploits or launch attacks. You'll learn how to maintain root access long after gaining access to a computer and how to hack FreeBSD. Kong's liberal use of examples assumes no prior kernel-hacking experience but doesn't water down the information. All code is thoroughly described and analyzed, and each chapter contains at least one real-world application.

Included:
- The fundamentals of FreeBSD kernel module programming
- Using call hooking to subvert the FreeBSD kernel
- Directly manipulating the objects the kernel depends upon for its internal record-keeping
- Patching kernel code resident in main memory, in other words altering the kernel's logic while it's still running
- How to defend against the attacks described

Hack the FreeBSD kernel for yourself!

The following is the abstract of the HookSafe paper (Wang, Jiang, Cui and Ning, "Countering Kernel Rootkits with Lightweight Hook Protection", CCS 2009):

Kernel rootkits have posed serious security threats due to their stealthy manner. To hide their presence and activities, many rootkits hijack control flows by modifying control data or hooks in the kernel space. A critical step towards eliminating rootkits is to protect such hooks from being hijacked. However, it remains a challenge because there exist a large number of widely-scattered kernel hooks, and many of them could be dynamically allocated from the kernel heap and co-located with other kernel data. In addition, there is a lack of flexible commodity hardware support, leading to the so-called protection granularity gap: kernel hook protection requires byte-level granularity, but commodity hardware only provides page-level protection. To address the above challenges, in this paper we present HookSafe, a hypervisor-based lightweight system that can protect thousands of kernel hooks in a guest OS from being hijacked. One key observation behind our approach is that a kernel hook, once initialized, may be frequently "read"-accessed but rarely "write"-accessed. As such, we can relocate those kernel hooks to a dedicated page-aligned memory space and then regulate accesses to them with hardware-based page-level protection. We have developed a prototype of HookSafe and used it to protect more than 5,900 kernel hooks in a Linux guest. Our experiments with nine real-world rootkits show that HookSafe can effectively defeat their attempts to hijack kernel hooks. We also show that HookSafe achieves such large-scale protection with a small overhead (e.g., around 6% slowdown in performance benchmarks).
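The two excerpts above describe the same control-data hijack from opposite sides: the book's "call hooking" is a store into a kernel dispatch table (FreeBSD's sysent[]), and HookSafe's answer is to move such rarely-written hooks onto their own page and let page-level hardware protection refuse the store. The user-space model below is an added example, not code from Designing BSD Rootkits or from the HookSafe prototype. It assumes a POSIX system with mmap/mprotect and SIGSEGV delivery; the struct is shaped after FreeBSD's struct sysent but its name, the handler names and the hidden-marker string are invented, mprotect stands in for the hypervisor's page permissions, and a SIGSEGV handler stands in for the hypervisor's write trap.

```c
/* Added example (not from Kong's book or the HookSafe paper): a user-space
 * model of hook hijacking and of page-level hook protection.  Struct and
 * handler names are invented; mprotect() plays the hypervisor's role. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define NSYSCALL 4
#define SYS_READ 1

typedef long (*sy_call_t)(const char *arg);

/* Shaped after FreeBSD's struct sysent: a handler and its argument count. */
struct sysent_entry { int sy_narg; sy_call_t sy_call; };

/* "Genuine" kernel handlers (assumed for the example). */
static long k_nosys(const char *a) { (void)a; return -1; }
static long k_read(const char *a)  { return (long)strlen(a); }

/* Rootkit-style hook: chain to the real read() but drop a marker from the
 * result, the way a file-hiding syscall hook filters directory listings. */
static sy_call_t saved_read;
static long hooked_read(const char *a)
{
    long n = saved_read(a);
    return strstr(a, "HIDDEN") ? n - (long)strlen("HIDDEN") : n;
}

/* Part 1: the table in ordinary writable memory, as a loaded module sees it. */
static struct sysent_entry sysent_rw[NSYSCALL] = {
    {0, k_nosys}, {1, k_read}, {0, k_nosys}, {0, k_nosys}
};
static const struct sysent_entry known_good[NSYSCALL] = {   /* boot-time copy */
    {0, k_nosys}, {1, k_read}, {0, k_nosys}, {0, k_nosys}
};

long call_unprotected(int nr, const char *arg) { return sysent_rw[nr].sy_call(arg); }

/* Defender's check from the "how to defend" side: live table vs. pristine copy. */
int count_tampered(const struct sysent_entry *live)
{
    int n = 0;
    for (int i = 0; i < NSYSCALL; i++)
        if (live[i].sy_call != known_good[i].sy_call) n++;
    return n;
}

/* The hijack is one plain store; returns how many entries now differ. */
int hijack_unprotected(void)
{
    saved_read = sysent_rw[SYS_READ].sy_call;
    sysent_rw[SYS_READ].sy_call = hooked_read;
    return count_tampered(sysent_rw);
}

/* Part 2: HookSafe's idea.  Hooks are read often and written rarely, so keep
 * them on a page of their own, read-only; a store faults and the fault is
 * where the "hypervisor" (here a SIGSEGV handler) gets to refuse it. */
static struct sysent_entry *sysent_prot;
static size_t page;
static sigjmp_buf fault_env;
static volatile sig_atomic_t blocked_writes;

static void on_segv(int sig) { (void)sig; blocked_writes++; siglongjmp(fault_env, 1); }

int hooksafe_init(void)
{
    page = (size_t)sysconf(_SC_PAGESIZE);
    sysent_prot = mmap(NULL, page, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (sysent_prot == MAP_FAILED) return -1;
    memcpy(sysent_prot, known_good, sizeof known_good);   /* relocate hooks */
    if (mprotect(sysent_prot, page, PROT_READ) != 0) return -1;
    struct sigaction sa = {0};
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

long call_protected(int nr, const char *arg) { return sysent_prot[nr].sy_call(arg); }

/* Same hijack against the protected copy: 1 if the store landed, 0 if trapped. */
int hijack_protected(void)
{
    if (sigsetjmp(fault_env, 1) != 0) return 0;   /* came back from on_segv */
    sysent_prot[SYS_READ].sy_call = hooked_read;
    return 1;
}

/* Legitimate update path: open the page, apply a vetted change, close it. */
int hooksafe_set(int nr, sy_call_t fn)
{
    if (nr < 0 || nr >= NSYSCALL) return -1;
    if (mprotect(sysent_prot, page, PROT_READ | PROT_WRITE) != 0) return -1;
    sysent_prot[nr].sy_call = fn;
    return mprotect(sysent_prot, page, PROT_READ);
}

int blocked_write_count(void) { return (int)blocked_writes; }

int main(void)
{
    printf("unprotected: tampered=%d read(\"abcHIDDEN\")=%ld\n",
           hijack_unprotected(), call_unprotected(SYS_READ, "abcHIDDEN"));
    if (hooksafe_init() != 0) return 1;
    printf("protected: hijack %s, read(\"abcHIDDEN\")=%ld, blocked=%d\n",
           hijack_protected() ? "landed" : "trapped",
           call_protected(SYS_READ, "abcHIDDEN"), blocked_write_count());
    return 0;
}
```

The model also shows the granularity gap the abstract mentions: the protected page holds nothing but hooks, so making the whole page read-only costs nothing, whereas a hook that shares a page with live kernel data could not be locked this way without faulting on every unrelated write.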