Author Topic: Modern Linux Rootkits by TurboBorland (Read 2412 times)

Stackprotector · « **on:** April 10, 2014, 10:17:46 am »

Hi guys,

I have been working on some rootkitting lately and after some hours of LKM hacking i found TurboBorland's his great tutorial on modern linux rootkits. He's a great guy so if you like it don't bother getting on IRC and tell him you love him.

Tutorials:
http://turbochaos.blogspot.de/2013/09/linux-rootkits-101-1-of-3.html
http://turbochaos.blogspot.de/2013/10/writing-linux-rootkits-201-23.html
http://turbochaos.blogspot.de/2013/10/writing-linux-rootkits-301_31.html

Bytebybyte · « **Reply #1 on:** April 25, 2014, 02:36:19 pm »

Wow! Really good stuff. A nice diversion from the stereotypical hacking articles.

proxx · « **Reply #2 on:** April 25, 2014, 02:49:35 pm »

We all love Turboborland our favo IRC faggot

Architect · « **Reply #3 on:** April 25, 2014, 10:18:42 pm »

Wow, it's been so long since anybody mentioned LD_PRELOAD, I thought it was fixed by kernels by now. Idk if you can even fix it, I just know that's a great way to write a rootkit.

Also worth mentioning that the setuid() setgid() thing still works but a lot of kernels are harder to fool. I tested this recently on my own box and LD_PRELOAD does not work on my kernel (3.13.9).

EvilZone

News:

Author Topic: Modern Linux Rootkits by TurboBorland (Read 2412 times)

Stackprotector

Modern Linux Rootkits by TurboBorland

Bytebybyte

Re: Modern Linux Rootkits by TurboBorland

proxx

Re: Modern Linux Rootkits by TurboBorland

Architect

Re: Modern Linux Rootkits by TurboBorland