[Security-devroom] talk proposal: BOFH meets SystemTap: rootkits made trivial

Adrien Kunysz adrien at kunysz.be
Tue Dec 21 02:15:45 CET 2010


I submitted this as a lightning talk before realising the security devroom
might be more appropriate.

The Bastard Operator From Hell enjoys abusing his users.
SystemTap allows for very easy dynamic code injection system-wide (kernel,
libraries, applications).

This talk gives a brief overview of what SystemTap is and its capabilities.
We then demonstrate how it can be used to dynamically insert questionable
code at any level to spy on users and modify behaviours of applications and
system components very easily. This is not about novel techniques or
breaking trust boundaries (we assume you are root already). This is only
about making things easier for both the good and the bad guys.

This is a 20-minute talk (say 30 minutes with plenty of time for questions).

About me:
I enjoy playing with Unix systems, breaking things, fixing things, reading
code and tinkering with low level components and tools (kernel, libc,
debuggers, ...). I have been using SystemTap a lot in the last few years and
started to see it as the ultimate hammer. If you measure Open Source
activity by amount of code written, I haven't contributed in any
significant way to any project. I wrote small patches to fix or improve
tools I use like arping, strace or SystemTap. I co-founded the Free
Software Users Group Arlon (Belgium) where technical talks and social
meetings are organised frequently. I am currently unemployed and using
my free time to toy with ideas like the one described in this talk.