A long time ago, in the early days of my journey into Linux kernel rootkits, I came across a Phrack article describing a rootkit detection technique implemented for i386. The article wasn’t new and referred to a vintage Linux kernel dated 2003. Something in that paper…
Author: kclo3
Malformed ELFs. How to make executable Linux files debug-resistant
Plenty of anti-debugging techniques are available nowadays, but one of them stands out. Its main principle is not to detect a debugger, but to prevent the app from running under one at all. This article explains how such a goal can be achieved using parser differentials and fuzzing. You will…
Reverse shell of 237 bytes. How to reduce the executable…
Once I was asked: is it possible to write a reverse shell some 200 bytes in size? This shell should perform the following functions: change its name and PID on a regular basis, make you coffee, and hack the Pentagon… Too bad, this is most likely impossible.…