Almost completed chapter 6

2025-12-27 11:53:09 +08:00 · 2022-06-20 15:10:33 -04:00
parent 5d6619ce40
commit a542bef3b4
2 changed files with 179 additions and 2 deletions
--- a/docs/bibliography/bibliography.bib
+++ b/docs/bibliography/bibliography.bib
@@ -713,7 +713,7 @@ AMD64 Architecture Processor Supplement},
 	title={CCNP Security Firewall 642-617 Official Cert Guide},
 	date={2011-10-01},
 	author={David Hucaby, David Garneau, Anthony Sequeira},
-	page={436},
+	pages={436},
 	url={https://books.google.es/books?id=-lvwaqFbIS8C&dq=syn+packet+firewall+ignore+payload}
 },

@@ -813,6 +813,112 @@ AMD64 Architecture Processor Supplement},
 	author={Michael Boelen},
 	date={2015-05-12},
 	url={https://linux-audit.com/increase-kernel-integrity-with-disabled-linux-kernel-modules-loading/}
+},
+
+@online{jynx2_infosecinstitute,
+	title={Blackhat Academy},
+	author={Blackhat Academy},
+	date={2012-03-15},
+	url={https://resources.infosecinstitute.com/topic/jynx2-sneak-peek-analysis/}
+},
+
+@article{ldpreload_so_jynx,
+	title={Linux Rootkit Detection With OSSEC},
+	author={Sally Vandeven},
+	date={2014-03-26},
+	pages={18-19},
+	url={https://www.giac.org/paper/gcia/8751/rootkit-detection-ossec/126976}
+},
+
+@proceedings{ldpreload_pros,
+	title={The Continued Evolution of
+Userland Linux Rootkits},
+	pages={3-6},
+	date={2022-03-13},
+	url={https://www.bsidesdub.ie/past/media/2022/darren_martyn_userland_linux_rootkits.pdf}
+},
+
+@proceedings{ldpreload_pros_2327,
+	title={The Continued Evolution of
+Userland Linux Rootkits},
+	pages={23-27},
+	date={2022-03-13},
+	url={https://www.bsidesdub.ie/past/media/2022/darren_martyn_userland_linux_rootkits.pdf}
+},
+
+@online{jynx_github,
+	title={Jynx-kit},
+	author={BlackHatAcademy.org},
+	url={https://github.com/chokepoint/jynxkit}
+},
+
+@online{jynx2_github,
+	title={Jynx-kit (2)},
+	author={BlackHatAcademy.org},
+	url={https://github.com/chokepoint/Jynx2}
+},
+
+@online{azazel_github,
+	title={Azazel},
+	url={https://github.com/chokepoint/azazel}
+},
+
+@online{azazel_wiki,
+	title={Azazel},
+	url={https://web.archive.org/web/20141102234744/http://blackhatlibrary.net/Azazel#Hooking_Methods}
+},
+
+@online{ld_preload_detect,
+	title={Linux Attack Techniques: Dynamic Linker Hijacking with LD Preload},
+	date={2022-05-18},
+	url={https://www.cadosecurity.com/linux-attack-techniques-dynamic-linker-hijacking-with-ld-preload/}
+},
+
+@online{suckit_rootkit,
+	indextitle={SucKIT rootkit},
+	url={https://github.com/CSLDepend/exploits/blob/master/Rootkit_tools/suckit2priv.tar.gz}
+},
+
+@online{suckit_lasamhna,
+	title={Linux Kernel Rootkits},
+	url={https://www.la-samhna.de/library/rootkits/basics.html#FLOW}
+},
+
+@online{dev_kmem,
+	title={kmem(4) - Linux man page},
+	url={https://linux.die.net/man/4/kmem}
+},
+
+@online{dev_kmem_debian,
+	title={mem(4)},
+	url={https://manpages.debian.org/buster-backports/manpages/port.4.en.html}
+},
+
+@online{dev_kmem_off_default,
+	title={Change CONFIG\_DEVKMEM default value to n},
+	url={https://lore.kernel.org/all/20161007035719.GB17183@kroah.com/T/}
+},
+
+@online{diamorphine_github,
+	title={Diamorphine},
+	url={https://github.com/m0nad/Diamorphine}
+},
+
+@online{incibe_rootkit_lkm,
+	title={Malware in Linux: Kernel-mode-rootkits},
+	author={Antonio López},
+	date={2015-03-26},
+	url={https://www.incibe-cert.es/en/blog/kernel-rootkits-en}
+},
+
+@online{reptile_github,
+	title={Reptile},
+	url={https://github.com/f0rb1dd3n/Reptile}
+},
+
+@online{usermode_helper_lkm,
+	title={call\_usermodehelper, Module Loading},
+	url={https://www.kernel.org/doc/htmldocs/kernel-api/API-call-usermodehelper.html}
 }