Developing a Linux Loadable Kernel Module based rootkit from scratch

By Soumyanil Biswas

Elevator Pitch

If creating a Linux-based ring-0 rootkit is something that scares you, if the concept of a kernel module goes over your head, if system calls are still a nightmare for you, then you are in the right place. I am going to share all the experiences I have gone through while creating my own rootkit.

Description

This talk shares the experience gained while creating an LKM-based rootkit. The techniques and resources involved will be presented, so that the concepts and code snippets needed to build such a rootkit do not have to be pieced together from all over the internet, making the process both easier and clearer.

Repository: https://github.com/reveng007/reveng_rtkit
Blog: https://reveng007.github.io/blog/2022/03/08/reveng_rkit_detailed.html

Notes

This will be a discussion on how to search the Linux kernel source code to decide which entry point to use; on implementing security concepts while developing the right mindset; on applying techniques already seen in the wild in a different manner, to create a chance of evading anti-rootkit tools; on implementing system call interception by finding syscall addresses; on kernel-mode function hooking; on hiding the rootkit deep inside the kernel so that it is invisible to user-mode programs; on making the rootkit unremovable; and more.