Author   Commit      Date                        Message
h3xduck  f2c3624e8b  2022-05-10 19:09:52 -04:00  Added test on tc classifier, added pinned maps, and obtaining the fd from other maps in order to synchronize between programs
h3xduck  213e30ba3b  2022-05-05 17:52:58 -04:00  Fixed keys of trigger packet V1, added sample servers, fixed client bug
h3xduck  b182ac1eeb  2022-02-20 16:50:15 -05:00  Added new TC module, updates to the exec hooking system and the userland module
h3xduck  2b50d376a6  2022-01-26 13:04:23 -05:00  Updated function and configurator manager names to the used hook.
h3xduck  3832d99af1  2022-01-16 06:56:54 -05:00  Updated file names and directory structure to the new multi-module rootkit
h3xduck  106f141c7e  2022-01-14 21:18:51 -05:00  Added new kprobe to the filesystem ebpf section. Now receiving read events, and storing them in a map for later use, along with a reference to the user-space memory buffer
h3xduck  193d9ec28f  2022-01-06 13:31:52 -05:00  Fixed the whole header setup, now correctly using the kernel headers instead of normal development ones. Ready to go on with the original plan of file system hooking
h3xduck  4882ce790c  2022-01-05 20:34:53 -05:00  [BUILD FAILING] Checkpoint for backup, added new hook for file system, tweaked makefile for real kernel header files inclusion, still not working. Committing for periodic backup
h3xduck  f8774ac9cf  2022-01-04 20:09:59 -05:00  [BUILD IS FAILING] Added file system hooks and other improvements. Uploading because of needing to back up
h3xduck  74873dbca5  2022-01-04 13:26:13 -05:00  Completed configuration module, which enables changing the running ebpf modules in the rootkit at runtime. Minor changes and updated code structure
h3xduck  0863566292  2021-12-31 09:54:47 -05:00  Included a global config struct for controlling which hooks and functions of the rootkit should be active. Still work to be done on the bpf side
h3xduck  be9cc95daa  2021-12-24 06:59:30 -05:00  Adapted makefile for user includes and new source files
h3xduck  745ec4e395  2021-12-21 20:08:49 -05:00  Updated project structure, and added new list for the next incoming feature.
h3xduck  a1119894cd  2021-11-27 17:01:10 -05:00  Made it work with an arbitrary length payload. Generalization with constants.h, now the PoC can be used for any shrinking/enlarging value. Discovered a very curious bug
h3xduck  72fddcac62  2021-11-23 19:55:44 -05:00  Finished adapting the code to tcp packets (+ researched a lot about xdp and ebpf, we should be OK with xdps, found a lot of ideas)
h3xduck  b04200526c  2021-11-22 18:58:58 -05:00  Finished xdp ebpf program, successfully showing packets received. Added client from Umbra, it will be the C&C client
h3xduck  23c7331d16  2021-11-21 20:00:43 -05:00  Continued working on first xdp filter. TODO: make bpf ring buffer work, check udp filter is up and working
h3xduck  53da2d141d  2021-11-20 21:07:23 -05:00  Setup development environment with libbpf