admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-24 18:33:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

New diagrams, completed rootkit architecture

Browse Source
This commit is contained in:
h3xduck
2022-06-12 08:16:59 -04:00
parent c14b407644
commit 0aec74e024
15 changed files with 463 additions and 335 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docs/document.lof
View File

@@ -71,15 +71,17 @@
\defcounter {refsection}{0}\relax
\contentsline {figure}{\numberline {4.1}{\ignorespaces Overview of the rootkit subsystems and components.\relax }}{65}{figure.caption.60}%
\defcounter {refsection}{0}\relax
\contentsline {figure}{\numberline {4.2}{\ignorespaces Initial setup for the ROP with eBPF technique.\relax }}{66}{figure.caption.61}%
\contentsline {figure}{\numberline {4.2}{\ignorespaces Rootkit programs and scripts.\relax }}{67}{figure.caption.61}%
\defcounter {refsection}{0}\relax
\contentsline {figure}{\numberline {4.3}{\ignorespaces Process memory after syscall exits and ROP code overwrites the stack.\relax }}{67}{figure.caption.62}%
\contentsline {figure}{\numberline {4.3}{\ignorespaces Initial setup for the ROP with eBPF technique.\relax }}{69}{figure.caption.62}%
\defcounter {refsection}{0}\relax
\contentsline {figure}{\numberline {4.4}{\ignorespaces Stack data is restored and program continues its execution.\relax }}{68}{figure.caption.63}%
\contentsline {figure}{\numberline {4.4}{\ignorespaces Process memory after syscall exits and ROP code overwrites the stack.\relax }}{70}{figure.caption.63}%
\defcounter {refsection}{0}\relax
\contentsline {figure}{\numberline {4.5}{\ignorespaces Two runs of the same executable using ASLR, showing a library and two symbols.\relax }}{69}{figure.caption.64}%
\contentsline {figure}{\numberline {4.5}{\ignorespaces Stack data is restored and program continues its execution.\relax }}{71}{figure.caption.64}%
\defcounter {refsection}{0}\relax
\contentsline {figure}{\numberline {4.6}{\ignorespaces Call to the glibc function, using objdump\relax }}{71}{figure.caption.65}%
\contentsline {figure}{\numberline {4.6}{\ignorespaces Two runs of the same executable using ASLR, showing a library and two symbols.\relax }}{72}{figure.caption.65}%
\defcounter {refsection}{0}\relax
\contentsline {figure}{\numberline {4.7}{\ignorespaces Call to the glibc function, using objdump\relax }}{74}{figure.caption.66}%
\defcounter {refsection}{0}\relax
\addvspace {10\p@ }
\defcounter {refsection}{0}\relax