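% Bibliography database (biblatex data model: report/online entry types and
% date/eventtitle/indextitle fields are used throughout).
% Citation keys are the interface to the document and are kept exactly as they
% were, including the per-page variants (key_pageN / key_pN) that repeat a
% source with a different pages value.
%
% NOTE(review): the proceedings-type entries below describe individual talks
% and carry author + eventtitle but no title. Standard biblatex drivers for
% that type are built around editor/title, so the author may not be printed.
% Consider inproceedings or unpublished with title = talk title. Left as-is.
% NOTE(review): several online entries give only indextitle. Confirm the
% bibliography style in use prints it, otherwise add a title field.

@report{ransomware_paloalto,
  institution = {Palo Alto Networks},
  title = {Ransomware Threat Report 2022},
  url = {https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/2022-unit42-ransomware-threat-report-final.pdf},
}

@report{ransomware_pwc,
  institution = {PricewaterhouseCoopers},
  title = {Cyber Threats 2021: A year in Retrospect},
  url = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf},
}

@report{rootkit_ptsecurity,
  institution = {Positive Technologies},
  title = {Rootkits: evolution and detection methods},
  date = {2021-11-03},
  url = {https://www.ptsecurity.com/ww-en/analytics/rootkits-evolution-and-detection-methods/},
}

@online{ebpf_linux318,
  indextitle = {eBPF incorporation in the Linux Kernel 3.18},
  date = {2014-12-07},
  url = {https://kernelnewbies.org/Linux_3.18},
}

@report{bvp47_report,
  institution = {Pangu Lab},
  title = {Bvp47 Top-tier Backdoor of US NSA Equation Group},
  date = {2022-02-23},
  url = {https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf},
}

@report{bpfdoor_pwc,
  institution = {PricewaterhouseCoopers},
  title = {Cyber Threats 2021: A year in Retrospect},
  url = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf},
  pages = {37},
}

% The eventtitle of the three ebpf_friends entries repeated the PwC report
% title; it now carries the talk title as spelled in the URL file name.
% Authors are separated with "and" and "Afchain" follows the URL spelling.
% NOTE(review): the URL file name also lists Sylvain Baubeau; confirm whether
% he should be added to the author list.
@proceedings{ebpf_friends,
  institution = {Datadog},
  author = {Fournier, Guillaume and Afchain, Sylvain},
  organization = {DEFCON 29},
  eventtitle = {eBPF, I thought we were friends},
  url = {https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf},
}

@proceedings{evil_ebpf,
  institution = {NCC Group},
  author = {Jeff Dileo},
  organization = {DEFCON 27},
  eventtitle = {Evil eBPF Practical Abuses of an In-Kernel Bytecode Runtime},
  url = {https://raw.githubusercontent.com/nccgroup/ebpf/master/talks/Evil_eBPF-DC27-v2.pdf},
}

% NOTE(review): confirm the DEF CON edition given in organization for this
% talk; it is not verifiable from the URL.
@online{bad_ebpf,
  author = {Pat Hogan},
  organization = {DEFCON 27},
  eventtitle = {Bad BPF - Warping reality using eBPF},
  url = {https://www.youtube.com/watch?v=g6SKWT7sROQ},
}

% NOTE(review): ebpf_windows duplicates the title, date and URL of
% ebpf_linux318, and ebpf_android pairs the title "eBPF for Windows" with an
% Android documentation URL. The two entries look shifted by one; supply the
% intended Windows source and an Android title. Data left unchanged.
@online{ebpf_windows,
  title = {eBPF incorporation in the Linux Kernel 3.18},
  date = {2014-12-07},
  url = {https://kernelnewbies.org/Linux_3.18},
}

@online{ebpf_android,
  title = {eBPF for Windows},
  url = {https://source.android.com/devices/architecture/kernel/bpf},
}

@article{bpf_bsd_origin,
  title = {The BSD Packet Filter: A New Architecture for User-level Packet Capture},
  author = {McCanne, Steven and Jacobson, Van},
  institution = {Lawrence Berkeley Laboratory},
  date = {1992-12-19},
  url = {https://www.tcpdump.org/papers/bpf-usenix93.pdf},
}

@article{bpf_bsd_origin_bpf_page1,
  title = {The BSD Packet Filter: A New Architecture for User-level Packet Capture},
  author = {McCanne, Steven and Jacobson, Van},
  institution = {Lawrence Berkeley Laboratory},
  date = {1992-12-19},
  url = {https://www.tcpdump.org/papers/bpf-usenix93.pdf},
  pages = {1},
}

% NOTE(review): the key says page 2 but pages is 1, the same as the page1
% entry above; confirm which page is meant.
@article{bpf_bsd_origin_bpf_page2,
  title = {The BSD Packet Filter: A New Architecture for User-level Packet Capture},
  author = {McCanne, Steven and Jacobson, Van},
  institution = {Lawrence Berkeley Laboratory},
  date = {1992-12-19},
  url = {https://www.tcpdump.org/papers/bpf-usenix93.pdf},
  pages = {1},
}

@article{bpf_bsd_origin_bpf_page5,
  title = {The BSD Packet Filter: A New Architecture for User-level Packet Capture},
  author = {McCanne, Steven and Jacobson, Van},
  institution = {Lawrence Berkeley Laboratory},
  date = {1992-12-19},
  url = {https://www.tcpdump.org/papers/bpf-usenix93.pdf},
  pages = {5},
}

@article{bpf_bsd_origin_bpf_page7,
  title = {The BSD Packet Filter: A New Architecture for User-level Packet Capture},
  author = {McCanne, Steven and Jacobson, Van},
  institution = {Lawrence Berkeley Laboratory},
  date = {1992-12-19},
  url = {https://www.tcpdump.org/papers/bpf-usenix93.pdf},
  pages = {7},
}

@article{bpf_bsd_origin_bpf_page8,
  title = {The BSD Packet Filter: A New Architecture for User-level Packet Capture},
  author = {McCanne, Steven and Jacobson, Van},
  institution = {Lawrence Berkeley Laboratory},
  date = {1992-12-19},
  url = {https://www.tcpdump.org/papers/bpf-usenix93.pdf},
  pages = {8},
}

@online{ebpf_history_opensource,
  title = {An intro to using eBPF to filter packets in the Linux kernel},
  date = {2017-08-11},
  url = {https://opensource.com/article/17/9/intro-ebpf},
}

@manual{ebpf_io,
  title = {eBPF Documentation},
  url = {https://ebpf.io/what-is-ebpf/},
}

@manual{ebpf_io_arch,
  title = {eBPF Documentation: Loader and verification architecture},
  url = {https://ebpf.io/what-is-ebpf/#loader--verification-architecture},
}

@manual{ebpf_io_verification,
  title = {eBPF Documentation: Verification},
  url = {https://ebpf.io/what-is-ebpf/#verification},
}

@manual{index_register,
  title = {Index register},
  url = {https://gunkies.org/wiki/Index_register},
}

@online{bpf_organicprogrammer_analysis,
  title = {Write a Linux packet sniffer from scratch: part two- BPF},
  date = {2022-03-28},
  url = {https://organicprogrammer.com/2022/03/28/how-to-implement-libpcap-on-linux-with-raw-socket-part2/},
}

@manual{tcpdump_page,
  title = {Tcpdump and Libpcap},
  url = {https://www.tcpdump.org},
}

@manual{ebpf_funcs_by_ver,
  title = {BPF features by Linux Kernel Version},
  organization = {iovisor},
  url = {https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md},
}

@book{brendan_gregg_bpf_book,
  title = {BPF performance tools},
  author = {Brendan Gregg},
  url = {https://www.oreilly.com/library/view/bpf-performance-tools/9780136588870/},
}

@manual{ebpf_inst_set,
  title = {eBPF instruction set},
  url = {https://www.kernel.org/doc/html/latest/bpf/instruction-set.html},
}

@manual{8664_inst_set_specs,
  title = {Intel® 64 and IA-32 Architectures Software Developer’s Manual Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D, and 4},
  author = {Intel},
  volume = {2A},
  pages = {507},
  urldate = {2022-05-13},
  url = {https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sdm.html},
}

@proceedings{ebpf_starovo_slides,
  title = {BPF – in-kernel virtual machine},
  url = {http://vger.kernel.org/netconf2015Starovoitov-bpf_collabsummit_2015feb20.pdf},
  date = {2015-02-20},
  institution = {PLUMgrid},
}

@proceedings{ebpf_starovo_slides_page23,
  title = {BPF – in-kernel virtual machine},
  url = {http://vger.kernel.org/netconf2015Starovoitov-bpf_collabsummit_2015feb20.pdf},
  date = {2015-02-20},
  institution = {PLUMgrid},
  pages = {23},
}

@manual{ebpf_JIT,
  title = {A JIT for packet filters},
  url = {https://lwn.net/Articles/437981/},
  date = {2011-04-12},
  author = {Jonathan Corbet},
}

@proceedings{ebpf_JIT_demystify_page13,
  title = {Demystify eBPF JIT Compiler},
  url = {https://www.netronome.com/media/documents/demystify-ebpf-jit-compiler.pdf},
  institution = {Netronome},
  author = {Jiong Wang},
  date = {2018-09-11},
  pages = {13},
}

@proceedings{ebpf_JIT_demystify_page14,
  title = {Demystify eBPF JIT Compiler},
  url = {https://www.netronome.com/media/documents/demystify-ebpf-jit-compiler.pdf},
  institution = {Netronome},
  author = {Jiong Wang},
  date = {2018-09-11},
  pages = {14},
}

@proceedings{ebpf_JIT_demystify_page17-22,
  title = {Demystify eBPF JIT Compiler},
  url = {https://www.netronome.com/media/documents/demystify-ebpf-jit-compiler.pdf},
  institution = {Netronome},
  author = {Jiong Wang},
  date = {2018-09-11},
  pages = {17--22},
}

% NOTE(review): a URL text-fragment directive is normally written ":~:"; the
% ":-:" in this link may be a transcription artefact. Confirm it resolves.
@book{brendan_gregg_bpf_book_bpf_vm,
  title = {BPF performance tools},
  author = {Brendan Gregg},
  url = {https://learning.oreilly.com/library/view/bpf-performance-tools/9780136588870/ch02.xhtml#:-:text=With%20JIT%20compiled%20code%2C%20i,%20other%20native%20kernel%20code},
}

@manual{jit_enable_setting,
  title = {bpf\_jit\_enable},
  url = {https://sysctl-explorer.net/net/core/bpf_jit_enable/},
}

@manual{ebpf_verifier_kerneldocs,
  title = {eBPF verifier},
  url = {https://kernel.org/doc/html/latest/bpf/verifier.html},
}

@online{ebpf_bounded_loops,
  title = {Bounded loops in BPF for the 5.3 kernel},
  url = {https://lwn.net/Articles/794934/},
  date = {2019-06-30},
  author = {Marta Rybczynska},
}

@manual{ebpf_maps_kernel,
  title = {eBPF maps},
  url = {https://www.kernel.org/doc/html/latest/bpf/maps.html},
}

@manual{ebpf_maps_rddocs,
  title = {eBPF maps},
  url = {https://prototype-kernel.readthedocs.io/en/latest/bpf/ebpf_maps.html},
}

@manual{bpf_syscall,
  title = {bpf(2)- Linux manual page},
  url = {https://man7.org/linux/man-pages/man2/bpf.2.html},
}

@manual{ebpf_helpers,
  title = {bpf-helpers(7)- Linux manual page},
  url = {https://man7.org/linux/man-pages/man7/bpf-helpers.7.html},
}

@online{xdp_gentle_intro,
  title = {A Gentle Introduction to XDP},
  date = {2022-02-03},
  url = {https://www.seekret.io/blog/a-gentle-introduction-to-xdp/},
  author = {Daniel Lavie},
}

@manual{xdp_manual,
  title = {XDP actions},
  url = {https://prototype-kernel.readthedocs.io/en/latest/networking/XDP/implementation/xdp_actions.html},
}

@online{tc_differences,
  title = {tc/BPF and XDP/BPF},
  url = {https://liuhangbin.netlify.app/post/ebpf-and-xdp/},
  date = {2019-03-13},
  author = {Hangbin},
}

@online{tc_direct_action,
  title = {Understanding tc “direct action” mode for BPF},
  url = {https://qmonnet.github.io/whirl-offload/2020/04/11/tc-bpf-direct-action/},
  date = {2020-04-11},
  author = {Quentin Monnet},
}

@online{tc_docs_complete,
  title = {Traffic Control HOWTO},
  url = {http://linux-ip.net/articles/Traffic-Control-HOWTO/},
  author = {Martin A. Brown},
  date = {2006-10-01},
}

@online{tc_ret_list_complete,
  title = {Linux kernel source tree},
  url = {https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/pkt_cls.h},
  indextitle = {index : kernel/git/torvalds/linux.git},
}

@manual{tp_kernel,
  title = {Using the Linux Kernel Tracepoints},
  url = {https://www.kernel.org/doc/html/latest/trace/tracepoints.html},
  author = {Mathieu Desnoyers},
}

@manual{kprobe_manual,
  title = {Kernel Probes (Kprobes)},
  author = {Keniston, Jim and Panchamukhi, Prasanna S and Hiramatsu, Masami},
  url = {https://www.kernel.org/doc/html/latest/trace/kprobes.html},
}

@online{kallsyms_kernel,
  title = {kallsyms: new /proc/kallmodsyms with builtin modules and symbol sizes},
  author = {Nick Alcock},
  date = {2021-06-06},
  url = {https://lwn.net/Articles/862021/},
}

@online{bcc_github,
  title = {BPF Compiler Collection (BCC)},
  url = {https://github.com/iovisor/bcc},
}

@online{libbpf_upstream,
  title = {BPF next kernel tree},
  url = {https://kernel.googlesource.com/pub/scm/linux/kernel/git/bpf/bpf-next},
}

@online{libbpf_github,
  indextitle = {libbpf GitHub},
  url = {https://github.com/libbpf/libbpf},
}

@online{libbpf_core,
  title = {BPF Portability and CO-RE},
  url = {https://facebookmicrosites.github.io/bpf/blog/2020/02/19/bpf-portability-and-co-re.html},
  author = {Andrii Nakryiko},
  date = {2020-02-19},
}

@manual{ebpf_kernel_flags,
  title = {Installing BCC: Kernel Configuration},
  url = {https://github.com/iovisor/bcc/blob/master/INSTALL.md},
}

@manual{ubuntu_caps,
  title = {capabilities - overview of Linux capabilities},
  url = {http://manpages.ubuntu.com/manpages/trusty/man7/capabilities.7.html},
}

@proceedings{evil_ebpf_p9,
  institution = {NCC Group},
  author = {Jeff Dileo},
  organization = {DEFCON 27},
  eventtitle = {Evil eBPF Practical Abuses of an In-Kernel Bytecode Runtime},
  url = {https://raw.githubusercontent.com/nccgroup/ebpf/master/talks/Evil_eBPF-DC27-v2.pdf},
  pages = {9},
}

@online{ebpf_caps_intro,
  title = {[PATCH v7 bpf-next 1/3] bpf, capability: Introduce CAP\_BPF},
  url = {https://lore.kernel.org/bpf/20200513230355.7858-2-alexei.starovoitov@gmail.com/},
}

@online{ebpf_caps_lwn,
  title = {capability: introduce CAP\_BPF and CAP\_TRACING},
  url = {https://lwn.net/Articles/797807/},
}

@online{unprivileged_ebpf,
  title = {Reconsidering unprivileged BPF},
  url = {https://lwn.net/Articles/796328/},
}

@online{cve_unpriv_ebpf,
  title = {CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability},
  url = {https://www.openwall.com/lists/oss-security/2022/01/11/4},
}

@online{unpriv_ebpf_ubuntu,
  title = {Unprivileged eBPF disabled by default for Ubuntu 20.04 LTS, 18.04 LTS, 16.04 ESM},
  url = {https://discourse.ubuntu.com/t/unprivileged-ebpf-disabled-by-default-for-ubuntu-20-04-lts-18-04-lts-16-04-esm/27047},
}

% NOTE(review): the title names CVE-2022-0002 while the URL points at the
% advisory page for cve-2021-4001. A reader following the citation lands on a
% different CVE than the one named; confirm which identifier is intended and
% make title and URL agree. Data left unchanged.
@online{unpriv_ebpf_redhat,
  title = {CVE-2022-0002},
  url = {https://access.redhat.com/security/cve/cve-2021-4001},
}

@online{unpriv_ebpf_suse,
  title = {Security Hardening: Use of eBPF by unprivileged users has been disabled by default},
  url = {https://www.suse.com/support/kb/doc/?id=000020545},
}

@manual{8664_params_abi,
  title = {System V Application Binary Interface AMD64 Architecture Processor Supplement},
  author = {Lu, H. J. and others},
  pages = {148},
  date = {2018-01-28},
  url = {https://raw.githubusercontent.com/wiki/hjl-tools/x86-psABI/x86-64-psABI-1.0.pdf},
}

@proceedings{ebpf_friends_p15,
  institution = {Datadog},
  author = {Fournier, Guillaume and Afchain, Sylvain},
  organization = {DEFCON 29},
  eventtitle = {eBPF, I thought we were friends},
  url = {https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf},
  pages = {15},
}

@online{ebpf_override_return,
  title = {BPF-based error injection for the kernel},
  url = {https://lwn.net/Articles/740146/},
}

@online{code_kernel_open,
  indextitle = {Linux kernel source code},
  url = {https://elixir.bootlin.com/linux/v5.11/source/fs/open.c#L1192},
}

@online{code_kernel_syscall,
  indextitle = {Linux kernel source code},
  url = {https://elixir.bootlin.com/linux/v5.11/source/include/linux/syscalls.h#L233},
}

@online{fault_injection,
  title = {Injecting faults into the kernel},
  url = {https://lwn.net/Articles/209257/},
  date = {2006-11-04},
}

% Author given name follows the spelling in the URL file name.
@online{mem_page_arch,
  title = {Memory Management 101: Introduction to Memory Management in Linux},
  url = {https://events19.linuxfoundation.org/wp-content/uploads/2017/12/MM-101-Introduction-to-Linux-Memory-Management-Christoph-Lameter-Jump-Trading-LLC-1.pdf},
  date = {2017-12-01},
  author = {Christoph Lameter},
  organization = {The Linux Foundation Open Source Summit},
  institution = {Jump Trading LLC},
}

@online{page_faults,
  title = {Understanding page faults and memory swap-in/outs},
  url = {https://scoutapm.com/blog/understanding-page-faults-and-memory-swap-in-outs-when-should-you-worry},
  date = {2019-08-19},
  author = {Doug Breaker},
}

@online{mem_arch_proc,
  title = {Stack-based Buffer Overflow - Part 1},
  url = {https://h3xduck.github.io/exploit/2021/05/23/stackbufferoverflow-part1.html},
  date = {2021-05-23},
  author = {Marcos Sánchez Bajo},
}

@manual{8664_params_abi_p18,
  title = {System V Application Binary Interface AMD64 Architecture Processor Supplement},
  author = {Lu, H. J. and others},
  pages = {18},
  date = {2018-01-28},
  url = {https://raw.githubusercontent.com/wiki/hjl-tools/x86-psABI/x86-64-psABI-1.0.pdf},
}

@online{write_helper_non_fault,
  title = {probe\_write\_common\_error},
  url = {https://www.spinics.net/lists/bpf/msg16795.html},
}

@online{code_vfs_read,
  indextitle = {Linux kernel source code},
  url = {https://elixir.bootlin.com/linux/v5.11/source/fs/read_write.c#L476},
}

@manual{8664_params_abi_p1922,
  title = {System V Application Binary Interface AMD64 Architecture Processor Supplement},
  author = {Lu, H. J. and others},
  pages = {19--22},
  date = {2018-01-28},
  url = {https://raw.githubusercontent.com/wiki/hjl-tools/x86-psABI/x86-64-psABI-1.0.pdf},
}

@online{network_layers,
  title = {The Network Layers Explained [with examples]},
  author = {Alienor},
  date = {2018-11-28},
  url = {https://www.plixer.com/blog/network-layers-explained/},
}

@online{tcp_reliable,
  title = {Transmission Control Protocol},
  date = {2022-04-19},
  organization = {IBM},
  url = {https://www.ibm.com/docs/en/aix/7.2?topic=protocols-transmission-control-protocol},
}

@online{tcp_handshake,
  title = {Three-Way Handshake},
  url = {https://www.sciencedirect.com/topics/computer-science/three-way-handshake},
}

@proceedings{evil_ebpf_p6974,
  institution = {NCC Group},
  author = {Jeff Dileo},
  organization = {DEFCON 27},
  eventtitle = {Evil eBPF Practical Abuses of an In-Kernel Bytecode Runtime},
  url = {https://raw.githubusercontent.com/nccgroup/ebpf/master/talks/Evil_eBPF-DC27-v2.pdf},
  pages = {69--74},
}

@proceedings{ebpf_friends_p37,
  institution = {Datadog},
  author = {Fournier, Guillaume and Afchain, Sylvain},
  organization = {DEFCON 29},
  eventtitle = {eBPF, I thought we were friends},
  url = {https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf},
  pages = {37},
}

@online{rop_prog_finder,
  title = {ROPgadget Tool},
  url = {https://github.com/JonathanSalwan/ROPgadget},
}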
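% Remaining references, one entry per block and one field per line.
% Citation keys are kept exactly as they were (including misspelled ones),
% because the document cites them by key.

@online{glibc,
  title = {The GNU C library},
  url = {https://www.gnu.org/software/libc/},
}

@online{plt_got_technovelty,
  title = {PLT and GOT - the key to code sharing and dynamic libraries},
  author = {Ian Wienand},
  url = {https://www.technovelty.org/linux/plt-and-got-the-key-to-code-sharing-and-dynamic-libraries.html},
  date = {2011-05-11},
}

@online{plt_got_overlord,
  title = {GOT and PLT for pwning.},
  author = {David Tomaschik},
  url = {https://systemoverlord.com/2017/03/19/got-and-plt-for-pwning.html},
  date = {2017-03-19},
}

@manual{elf,
  title = {ELF},
  url = {https://wiki.osdev.org/ELF},
}

@online{pie_exploit,
  title = {Position Independent Code},
  url = {https://ir0nstone.gitbook.io/notes/types/stack/pie},
}

@online{aslr_pie_intro,
  title = {aslr/pie intro},
  url = {https://guyinatuxedo.github.io/5.1-mitigation_aslr_pie/index.html#aslrpie-intro},
}

@online{relro_redhat,
  title = {Hardening ELF binaries using Relocation Read-Only (RELRO)},
  author = {Huzaifa Sidhpurwala},
  date = {2019-01-28},
  url = {https://www.redhat.com/en/blog/hardening-elf-binaries-using-relocation-read-only-relro},
}

@online{cet_windows,
  title = {R.I.P ROP: CET Internals in Windows 20H1},
  author = {Shafir, Yarden and Ionescu, Alex},
  date = {2020-05-01},
  url = {https://windows-internals.com/cet-on-windows/},
}

@online{cet_linux,
  title = {Another Round Of Intel CET Patches, Still Working Toward Linux Kernel Integration},
  author = {Michael Larabel},
  date = {2021-07-21},
  url = {https://www.phoronix.com/scan.php?page=news_item&px=Intel-CET-v29},
}

@online{canary_exploit,
  title = {Stack Canaries},
  url = {https://ir0nstone.gitbook.io/notes/types/stack/canaries},
}

@online{rawtcp_lib,
  title = {RawTCP\_Lib},
  author = {Marcos Sánchez Bajo},
  url = {https://github.com/h3xduck/RawTCP_Lib},
}

@manual{proc_fs,
  title = {proc(5) — Linux manual page},
  url = {https://man7.org/linux/man-pages/man5/proc.5.html},
}

@online{proc_mem_write,
  title = {enable writing to /proc/pid/mem},
  url = {https://lwn.net/Articles/433326/},
}

@online{reverse_shell,
  title = {Reverse Shell},
  url = {https://www.imperva.com/learn/application-security/reverse-shell/},
}

@online{sudoers_man,
  title = {die.net sudoers(5) - Linux man page},
  url = {https://linux.die.net/man/5/sudoers},
}

@online{syscall_reference,
  title = {Linux Syscall Reference (64bit)},
  url = {https://syscalls64.paolostivanin.com/},
}

@online{code_kernel_execve,
  indextitle = {Linux kernel code},
  url = {https://elixir.bootlin.com/linux/v5.11/source/fs/exec.c#L2054},
}

@online{environ,
  title = {How to Set and List Environment Variables in Linux},
  date = {2021-06-03},
  url = {https://linuxize.com/post/how-to-set-and-list-environment-variables-in-linux/},
}

@online{execve_man,
  title = {execve(2) — Linux manual page},
  url = {https://man7.org/linux/man-pages/man2/execve.2.html},
}

% NOTE(review): date is 2017-08-06 but the archive path in the URL is
% 2017-September; confirm the message date.
@online{bpf_probe_write_user_errors,
  title = {[iovisor-dev] Accessing user memory and minor page faults},
  date = {2017-08-06},
  url = {https://lists.linuxfoundation.org/pipermail/iovisor-dev/2017-September/001035.html},
}

@online{c_standard_main,
  title = {Main function},
  url = {https://en.cppreference.com/w/c/language/main_function},
}

@online{busybox_argv,
  title = {BusyBox Examples},
  url = {https://en.wikipedia.org/wiki/BusyBox#Examples},
}

@online{ips,
  title = {What is an intrusion prevention system?},
  organization = {VMware},
  url = {https://www.vmware.com/topics/glossary/content/intrusion-prevention-system.html},
}

@online{port_knocking,
  title = {Port Knocking -- Network Authentication Across Closed Ports},
  author = {Martin Krzywinski},
  url = {https://www.muppetwhore.net/sysadmin/html/v12/i06/a2.htm},
}

@report{bvp47_report_p49,
  institution = {Pangu Lab},
  title = {Bvp47 Top-tier Backdoor of US NSA Equation Group},
  date = {2022-02-23},
  pages = {49},
  url = {https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf},
}

@online{pangu_lab,
  title = {Welcome to Pangu Research Lab},
  url = {https://pangukaitian.github.io/pangu/?lg=en},
}

% Title corrected from "TFC 793"; the URL identifies the document as rfc793.
@online{rfc_tcp4,
  title = {RFC 793},
  institution = {Information Sciences Institute, University of Southern California},
  date = {1981-09-01},
  url = {https://datatracker.ietf.org/doc/html/rfc793},
}

@online{tcp_syn_payload,
  title = {TCP Fast Open: expediting web services},
  date = {2012-08-01},
  author = {Michael Kerrisk},
  url = {https://lwn.net/Articles/508865/},
}

% The page reference was stored under the unknown field name "page", which is
% silently ignored; it now uses "pages".
@book{cisco_syn_firewall,
  title = {CCNP Security Firewall 642-617 Official Cert Guide},
  date = {2011-10-01},
  author = {Hucaby, David and Garneau, David and Sequeira, Anthony},
  pages = {436},
  url = {https://books.google.es/books?id=-lvwaqFbIS8C&dq=syn+packet+firewall+ignore+payload},
}

@online{hive_implant,
  title = {(U) Hive Engineering Development Guide},
  date = {2014-10-15},
  url = {https://wikileaks.org/vault7/document/hive-DevelopersGuide/hive-DevelopersGuide.pdf},
}

@online{crc,
  title = {Cyclic redundancy check},
  organization = {Wikipedia},
  url = {https://en.wikipedia.org/wiki/Cyclic_redundancy_check},
}

@online{file_descriptors,
  title = {File Descriptor},
  url = {http://www.cse.cuhk.edu.hk/~ericlo/teaching/os/lab/11-FS/fd.html},
}

% The url field was malformed (the address had been fused into the field name
% with an empty value); restored to a regular url field.
@online{raw_sockets,
  title = {raw(7) — Linux manual page},
  url = {https://man7.org/linux/man-pages/man7/raw.7.html},
}

@online{cron,
  title = {How To Add Jobs To cron Under Linux or UNIX},
  date = {2022-06-02},
  author = {Vivek Gite},
  url = {https://www.cyberciti.biz/faq/how-do-i-add-jobs-to-cron-under-linux-or-unix-oses/},
}

@online{linux_daemons,
  title = {Linux Jargon Buster: What are Daemons in Linux?},
  date = {2021-06-05},
  author = {Bill Dyer},
  url = {https://itsfoss.com/linux-daemons/},
}

@online{code_kernel_getdents64,
  indextitle = {Linux kernel source code},
  url = {https://elixir.bootlin.com/linux/v5.11/source/fs/readdir.c#L351},
}

@online{getdents_man,
  title = {getdents(2) — Linux manual page},
  url = {https://man7.org/linux/man-pages/man2/getdents.2.html},
}

@online{code_kernel_linux_dirent64,
  indextitle = {Linux kernel source code},
  url = {https://elixir.bootlin.com/linux/v5.11/source/include/linux/dirent.h#L5},
}

@online{code_kerel_getdents_buffer_alignation,
  indextitle = {Linux kernel source code},
  url = {https://elixir.bootlin.com/linux/v5.11/source/fs/readdir.c#L313},
}

@online{xcellerator_getdents,
  title = {Linux Rootkits Part 6: Hiding Directories},
  date = {2020-09-19},
  author = {TheXcellerator},
  url = {https://xcellerator.github.io/posts/linux_rootkits_06/},
}

@online{embracethered_getdents,
  title = {Offensive BPF: Understanding and using bpf\_probe\_write\_user},
  date = {2021-10-20},
  author = {Johann Rehberger},
  url = {https://embracethered.com/blog/posts/2021/offensive-bpf-libbpf-bpf_probe_write_user/},
}

@online{dtype_dirent,
  title = {Format of a Directory Entry},
  url = {https://www.gnu.org/software/libc/manual/html_node/Directory-Entries.html},
}

@online{virtualbox_page,
  title = {VirtualBox},
  url = {https://www.virtualbox.org/},
}

@online{bridged_networking,
  title = {Bridged Networking},
  url = {https://docs.oracle.com/en/virtualization/virtualbox/6.0/user/network_bridged.html},
}

@online{nat_comptia,
  title = {What Is NAT?},
  institution = {CompTIA},
  url = {https://www.comptia.org/content/guides/what-is-network-address-translation},
}

@online{kernel_modules_restrict,
  title = {Increasing Linux kernel integrity},
  author = {Michael Boelen},
  date = {2015-05-12},
  url = {https://linux-audit.com/increase-kernel-integrity-with-disabled-linux-kernel-modules-loading/},
}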