[PentesterAcademy] Linux Rootkits for Red-Blue Teams



Linux dominates the Server, Embedded and now the Internet of Things (IoT) device market. In recent times, embedded systems and IoT devices in particular have been the weapons of choice in online attacks: botnets like Mirai and Reaper to name a few. Soon the simple attack vectors that these botnets and malware use get patched, it is obvouis that the attacker will move and hide his tools in Kernel mode. This course will teach Red-Blue teams how kernel mode attack kits work and what to go about protecting their systems against it. We will use examples on x86_64, ARM and MIPS based architectures.

This entire course will be run on the latest Linux Kernel 4.15.x. This course is completely hands-on and everything will be taught with practical examples in the form of Kernel Modules written in C. You can however follow this course with a basic knowledge of Linux as we discuss everything from the very basics.


A non-exhaustive list of topics include:

• Linux Boot Process
• Browsing the Kernel code
• Linux Architecture and Process Internals
• Loadable Kernel Module (LKM) Programming Basics
• Understading internal kernel structures and the syscall mechanism
• Interrupt and Process context, Timers and Watchdogs
• Manipulating internal process structures
• Hijacking the system call table
• Subverting kernel memory protections
• Monitoring the system with Kprobes
• Kernel syncronization methods and common LKM pitfalls
• User space – Kernel space data transfers
• Monitoring a user space process from the kernel
• Accessing user space process memory
• Modifying the core kernel code to create custom hooks
• Understanding the kernel network stack
• Netfilters and Custom Hooks
• Network packet filtering and mangling with custom LKMs
• Analyzing Kernel mode Rootkits
• Defending against Kernel Mode attacks
• Chain of trust implementations
• and other topics


About Instructor:

Vivek Ramachandran is the Founder and Chief Trainer at Pentester Academy. He discovered the Caffe Latte attack, broke WEP Cloaking – a WEP protection schema, conceptualized enterprise Wi-Fi Backdoors and created Chellam, the world’s first Wi-Fi Firewall. He is also the author of multiple five star rated books which have together sold over 13,000+ copies worldwide and have been translated to multiple languages.

Vivek started SecurityTube.net in 2007, a YouTube for security which current aggregates the largest collection of security research videos on the web. SecurityTube Training and Pentester Academy now serve thousands of customers from over 90 countries worldwide. He also conducts in-person trainings in the US, Europe and Asia. Vivek’s work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada etc. places. He has spoken/trained at top conferences around the world including Black Hat USA, Europe and Abu Dhabi, Defcon, Hacktivity, Brucon, SecurityByte, SecurityZone, Nullcon, C0C0n etc.

Vivek has over a decade of experience in security and has keen interest in the areas of Wireless, Mobile, Network and Web Application Pentesting, Shellcoding, Reversing and Exploit Research. He loves programming in Python, C and Assembly.


Size: 1.28GB


Course: https://www.pentesteracademy.com/course?id=38

Friendly Websites

OneHack.Us | Tutorials For Free, Guides, Articles & Community Forum.

Leave a Comment