Learning Linux binary analysis : uncover the secrets of Linux binary analysis with this handy guide /

Annotation

Bibliographic Details
Classification: Electronic book
Main author: O'Neill, Ryan (Author)
Format: Electronic eBook
Language: English
Published: Birmingham : Packt Publishing, 2016.
Series: Community experience distilled.
Subjects:
Online access: Full text (requires prior registration with an institutional e-mail address)
Table of Contents:
  • Cover; Copyright; Credits; About the Author; Acknowledgments; About the Reviewers; www.PacktPub.com; Table of Contents; Preface
  • Chapter 1: The Linux Environment and Its Tools; Chapter 2: The ELF Binary Format; Chapter 3: Linux Process Tracing; Chapter 4: ELF Virus Technology - Linux/Unix Viruses; Chapter 5: Linux Binary Protection; Chapter 6: ELF Binary Forensics in Linux; Chapter 7: Process Memory Forensics; Chapter 8: ECFS - Extended Core File Snapshot Technology; Chapter 9: Linux /proc/kcore Analysis; Index
  • Linux tools; Useful devices and files; Linker-related environment points
  • ELF virus technology; ELF virus engineering challenges; ELF virus parasite infection methods; The PT_NOTE to PT_LOAD conversion infection method; Infecting control flow; Process memory viruses and rootkits - remote code injection techniques; ELF anti-debugging and packing techniques; ELF virus detection and disinfection; Summary
  • ELF binary packers - dumb protectors; Stub mechanics and the userland exec; Other jobs performed by protector stubs; Existing ELF binary protectors; Downloading Maya-protected binaries; Anti-debugging for binary protection; Resistance to emulation; Obfuscation methods; Protecting control flow integrity; Other resources; Summary
  • The science of detecting entry point modification; Detecting other forms of control flow hijacking; Identifying parasite code characteristics; Checking the dynamic segment for DLL injection traces; Identifying reverse text padding infections; Identifying text segment padding infections; Identifying protected binaries; IDA Pro; Summary
  • What does a process look like?; Process memory infection; Detecting the ET_DYN injection; Linux ELF core files; Summary
  • History; The ECFS philosophy; Getting started with ECFS; Libecfs - a library for parsing ECFS files; readecfs; Examining an infected process using ECFS; The ECFS reference guide; Process necromancy with ECFS; Learning more about ECFS; Summary
  • Linux kernel forensics and rootkits; stock vmlinux has no symbols; /proc/kcore and GDB exploration; Direct sys_call_table modifications; Kprobe rootkits; Debug register rootkits - DRR; VFS layer rootkits; Other kernel infection techniques; vmlinux and .altinstructions patching; Using taskverse to see hidden processes; Infected LKMs - kernel drivers; Notes on /dev/kmem and /dev/mem; /dev/mem; K-ecfs - kernel ECFS