Learning Linux binary analysis : uncover the secrets of Linux binary analysis with this handy guide /
Annotation
Clasificación: | Libro Electrónico |
---|---|
Autor principal: | |
Formato: | Electrónico eBook |
Idioma: | Inglés |
Publicado: |
Birmingham :
Packt Publishing,
2016.
|
Colección: | Community experience distilled.
|
Temas: | |
Acceso en línea: | Texto completo Texto completo |
Tabla de Contenidos:
- Cover; Copyright; Credits; About the Author; Acknowledgments; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: The Linux Environment and Its Tools; Chapter 2: The ELF Binary Format; Chapter 3: Linux Process Tracing; Chapter 4: ELF Virus Technology
- Linux/Unix Viruses; Chapter 5: Linux Binary Protection; Chapter 6: ELF Binary Forensics in Linux; Chapter 7: Process Memory Forensics; Chapter 8: ECFS
- Extended Core File Snapshot Technology; Chapter 9: Linux /proc/kcore Analysis; Index; Linux tools; Useful devices and files; Linker-related environment points
- ELF virus technologyELF virus engineering challenges; ELF virus parasite infection methods; The PT_NOTE to PT_LOAD conversion infection method; Infecting control flow; Process memory viruses and rootkits
- remote code injection techniques; ELF anti-debugging and packing techniques; ELF virus detection and disinfection; Summary; ELF binary packers
- dumb protectors; Stub mechanics and the userland exec; Other jobs performed by protector stubs; Existing ELF binary protectors; Downloading Maya-protected binaries; Anti-debugging for binary protection; Resistance to emulation; Obfuscation methods
- Protecting control flow integrityOther resources; Summary; The science of detecting entry point modification; Detecting other forms of control flow hijacking; Identifying parasite code characteristics; Checking the dynamic segment for DLL injection traces; Identifying reverse text padding infections; Identifying text segment padding infections; Identifying protected binaries; IDA Pro; Summary; What does a process look like?; Process memory infection; Detecting the ET_DYN injection; Linux ELF core files; Summary; History; The ECFS philosophy; Getting started with ECFS
- Libecfs
- a library for parsing ECFS filesreadecfs; Examining an infected process using ECFS; The ECFS reference guide; Process necromancy with ECFS; Learning more about ECFS; Summary; Linux kernel forensics and rootkits; stock vmlinux has no symbols; /proc/kcore and GDB exploration; Direct sys_call_table modifications; Kprobe rootkits; Debug register rootkits
- DRR; VFS layer rootkits; Other kernel infection techniques; vmlinux and .altinstructions patching; Using taskverse to see hidden processes; Infected LKMs
- kernel drivers; Notes on /dev/kmem and /dev/mem; /dev/mem
- K-ecfs
- kernel ECFS