Adventures in systemd injection - Stuart McMurray Derbycon 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Adventures in systemd injection
Stuart McMurray
Derbycon 2019

Injecting into Linux processes is nothing new, but it's a great way to get malicious code running without an additional process. Libpcap is also nothing new, but it's a great way to have malware wait for something interesting. Systemd is somewhat new, but it's a great place to inject malware using libpcap. Or so I thought. This talk follows the speaker's journey trying to inject a libpcap-based tool into systemd. Along the way we'll see how to get a running process to load a library, hook functions the easy way, and dodge SELinux.

Stuart is a Red Teamer at IronNet, where he focuses on tool development, Unix, and general Swiss Army knifery. He's been on the offensive side of public and private sector security for six years, during which time he's been an operator and trainer and developed a small arsenal of public and private offensive tools. Stuart's been a speaker at BSides and CarolinaCon and has red teamed for Quantum Dawn and the Collegiate Cyber Defense Competition.

@magisterquis

    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast