Dailydave mailing list archives
Re: A growing darkness
From: "Mohammad Hosein" <mhtajik () gmail com>
Date: Fri, 15 Aug 2008 00:29:20 +0330

"Hardened" kernels are killing our business ;) It's hard to believe one can find a "serious" Linux machine that runs a virgin kernel (assuming general patches do not help virginity to be lost, hats off to Chandler). With PaX or Grsec or, even worse, SELinux installed and running, rootkits don't stand a chance. So I thought you might want to consider taking a look at Gentoo's Hardened kernel. It's a good start.

Regards
-mh

On Thu, Aug 14, 2008 at 11:17 PM, Dave Aitel <dave () immunityinc com> wrote:
It's dark and storming here - not rare for Miami.

For those of you who like to read about heap overflows, Nico's blog has some information on the work he did to make the Citrix bug CANVASized: http://eticanicomana.blogspot.com/

Likewise his post on the rollercoaster ride that is writing heap overflows is a good one. :>

We find that ready-to-use kernel rootkits are a key part of what people want in an attack platform these days. To this end Daniel Palacio (an intern at Immunity this summer) wrote a Linux rootkit we hope to release shortly as part of CANVAS. Bas has since written a loader for it [1] that uses the debug registers to "hook" things. You may or may not have seen this technique being used [2] but it's good to have something ready to go in your toolkit.

There are some other cool features in the CANVAS Linux rootkit but I'll wait till it's ready sometime next week to post about them.

-dave

[1] The loader itself is in CANVAS Early Updates for those of you who want to play with it.
[2] I think a Windows rootkit uses this hooking technique but I can't remember which one.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave