mirror of
https://github.com/h3xduck/TripleCross.git
synced 2025-12-16 07:13:07 +08:00
822 lines
23 KiB
BibTeX
822 lines
23 KiB
BibTeX
@report{ransomware_paloalto,
|
||
institution = {Palo Alto Networks},
|
||
title = {Ransomware Threat Report 2022},
|
||
url = {https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/2022-unit42-ransomware-threat-report-final.pdf}
|
||
},
|
||
|
||
@report{ransomware_pwc,
|
||
institution = {PricewaterhouseCoopers},
|
||
title = {Cyber Threats 2021: A year in Retrospect},
|
||
url = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf}
|
||
},
|
||
|
||
@report{rootkit_ptsecurity,
|
||
institution = {Positive Technologies},
|
||
title = {Rootkits: evolution and detection methods},
|
||
date = {2021-11-03},
|
||
url = {https://www.ptsecurity.com/ww-en/analytics/rootkits-evolution-and-detection-methods/}
|
||
},
|
||
|
||
@online{ebpf_linux318,
|
||
indextitle={eBPF incorporation in the Linux Kernel 3.18},
|
||
date={2014-12-07},
|
||
url={https://kernelnewbies.org/Linux_3.18}
|
||
},
|
||
|
||
@report{bvp47_report,
|
||
institution = {Pangu Lab},
|
||
title = {Bvp47 Top-tier Backdoor of US NSA Equation Group},
|
||
date = {2022-02-23},
|
||
url = {https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf}
|
||
},
|
||
|
||
@report{bpfdoor_pwc,
|
||
institution = {PricewaterhouseCoopers},
|
||
title = {Cyber Threats 2021: A year in Retrospect},
|
||
url = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf},
|
||
pages = {37}
|
||
},
|
||
|
||
@proceedings{ebpf_friends,
|
||
institution = {Datadog},
|
||
author = {Guillaume Fournier, Sylvain Afchainthe},
|
||
organization= {DEFCON 29},
|
||
eventtitle = {Cyber Threats 2021: A year in Retrospect},
|
||
url = {https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf}
|
||
},
|
||
|
||
@proceedings{evil_ebpf,
|
||
institution = {NCC Group},
|
||
author = {Jeff Dileo},
|
||
organization= {DEFCON 27},
|
||
eventtitle = {Evil eBPF Practical Abuses of an In-Kernel Bytecode Runtime},
|
||
url = {https://raw.githubusercontent.com/nccgroup/ebpf/master/talks/Evil_eBPF-DC27-v2.pdf}
|
||
},
|
||
|
||
@online{bad_ebpf,
|
||
author = {Pat Hogan},
|
||
organization= {DEFCON 27},
|
||
eventtitle = {Bad BPF - Warping reality using eBPF},
|
||
url = {https://www.youtube.com/watch?v=g6SKWT7sROQ}
|
||
},
|
||
|
||
@online{ebpf_windows,
|
||
title={eBPF incorporation in the Linux Kernel 3.18},
|
||
date={2014-12-07},
|
||
url={https://kernelnewbies.org/Linux_3.18}
|
||
},
|
||
@online{ebpf_android,
|
||
title={eBPF for Windows},
|
||
url={https://source.android.com/devices/architecture/kernel/bpf}
|
||
},
|
||
|
||
|
||
|
||
@article{bpf_bsd_origin,
|
||
title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},
|
||
author={Steven McCanne, Van Jacobson},
|
||
institution={Lawrence Berkeley Laboratory},
|
||
date={1992-12-19},
|
||
url={https://www.tcpdump.org/papers/bpf-usenix93.pdf}
|
||
},
|
||
|
||
@article{bpf_bsd_origin_bpf_page1,
|
||
title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},
|
||
author={Steven McCanne, Van Jacobson},
|
||
institution={Lawrence Berkeley Laboratory},
|
||
date={1992-12-19},
|
||
url={https://www.tcpdump.org/papers/bpf-usenix93.pdf},
|
||
pages={1}
|
||
},
|
||
|
||
@article{bpf_bsd_origin_bpf_page2,
|
||
title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},
|
||
author={Steven McCanne, Van Jacobson},
|
||
institution={Lawrence Berkeley Laboratory},
|
||
date={1992-12-19},
|
||
url={https://www.tcpdump.org/papers/bpf-usenix93.pdf},
|
||
pages={1}
|
||
},
|
||
|
||
@article{bpf_bsd_origin_bpf_page5,
|
||
title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},
|
||
author={Steven McCanne, Van Jacobson},
|
||
institution={Lawrence Berkeley Laboratory},
|
||
date={1992-12-19},
|
||
url={https://www.tcpdump.org/papers/bpf-usenix93.pdf},
|
||
pages={5}
|
||
},
|
||
|
||
@article{bpf_bsd_origin_bpf_page7,
|
||
title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},
|
||
author={Steven McCanne, Van Jacobson},
|
||
institution={Lawrence Berkeley Laboratory},
|
||
date={1992-12-19},
|
||
url={https://www.tcpdump.org/papers/bpf-usenix93.pdf},
|
||
pages={7}
|
||
},
|
||
|
||
@article{bpf_bsd_origin_bpf_page8,
|
||
title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},
|
||
author={Steven McCanne, Van Jacobson},
|
||
institution={Lawrence Berkeley Laboratory},
|
||
date={1992-12-19},
|
||
url={https://www.tcpdump.org/papers/bpf-usenix93.pdf},
|
||
pages={8}
|
||
},
|
||
|
||
@online{ebpf_history_opensource,
|
||
title={An intro to using eBPF to filter packets in the Linux kernel},
|
||
date={2017-08-11},
|
||
url={https://opensource.com/article/17/9/intro-ebpf}
|
||
},
|
||
|
||
@manual{ebpf_io,
|
||
title={eBPF Documentation},
|
||
url={https://ebpf.io/what-is-ebpf/}
|
||
},
|
||
|
||
@manual{ebpf_io_arch,
|
||
title={eBPF Documentation: Loader and verification architecture},
|
||
url={https://ebpf.io/what-is-ebpf/#loader--verification-architecture}
|
||
},
|
||
|
||
@manual{ebpf_io_verification,
|
||
title={eBPF Documentation: Verification},
|
||
url={https://ebpf.io/what-is-ebpf/#verification}
|
||
},
|
||
|
||
@manual{index_register,
|
||
title={Index register},
|
||
url={https://gunkies.org/wiki/Index_register}
|
||
}
|
||
|
||
@online{bpf_organicprogrammer_analysis,
|
||
title={Write a Linux packet sniffer from scratch: part two- BPF},
|
||
date={2022-03-28},
|
||
url={https://organicprogrammer.com/2022/03/28/how-to-implement-libpcap-on-linux-with-raw-socket-part2/}
|
||
},
|
||
|
||
@manual{tcpdump_page,
|
||
title={Tcpdump and Libpcap},
|
||
url={https://www.tcpdump.org}
|
||
},
|
||
|
||
@manual{ebpf_funcs_by_ver,
|
||
title={BPF features by Linux Kernel Version},
|
||
organization={iovisor},
|
||
url={https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md}
|
||
},
|
||
|
||
@book{brendan_gregg_bpf_book,
|
||
title={BPF performance tools},
|
||
author={Brendan Gregg},
|
||
url={https://www.oreilly.com/library/view/bpf-performance-tools/9780136588870/}
|
||
},
|
||
|
||
@manual{ebpf_inst_set,
|
||
title={eBPF instruction set},
|
||
url={https://www.kernel.org/doc/html/latest/bpf/instruction-set.html}
|
||
},
|
||
|
||
@manual{8664_inst_set_specs,
|
||
title={Intel® 64 and IA-32 Architectures Software Developer’s Manual Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D, and 4},
|
||
author={Intel},
|
||
volume={2A},
|
||
pages={507},
|
||
urldate={2022-05-13},
|
||
url={https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sdm.html}
|
||
},
|
||
|
||
@proceedings{ebpf_starovo_slides,
|
||
title={BPF – in-kernel virtual machine},
|
||
url={http://vger.kernel.org/netconf2015Starovoitov-bpf_collabsummit_2015feb20.pdf},
|
||
date={2015-02-20},
|
||
institution={PLUMgrid}
|
||
},
|
||
|
||
@proceedings{ebpf_starovo_slides_page23,
|
||
title={BPF – in-kernel virtual machine},
|
||
url={http://vger.kernel.org/netconf2015Starovoitov-bpf_collabsummit_2015feb20.pdf},
|
||
date={2015-02-20},
|
||
institution={PLUMgrid},
|
||
pages={23}
|
||
},
|
||
|
||
@manual{ebpf_JIT,
|
||
title={A JIT for packet filters},
|
||
url={https://lwn.net/Articles/437981/},
|
||
date={2011-04-12},
|
||
author={Jonathan Corbet}
|
||
},
|
||
|
||
@proceedings{ebpf_JIT_demystify_page13,
|
||
title={Demystify eBPF JIT Compiler},
|
||
url={https://www.netronome.com/media/documents/demystify-ebpf-jit-compiler.pdf},
|
||
institution={Netronome},
|
||
author={Jiong Wang},
|
||
date={2018-09-11},
|
||
pages={13}
|
||
},
|
||
|
||
@proceedings{ebpf_JIT_demystify_page14,
|
||
title={Demystify eBPF JIT Compiler},
|
||
url={https://www.netronome.com/media/documents/demystify-ebpf-jit-compiler.pdf},
|
||
institution={Netronome},
|
||
author={Jiong Wang},
|
||
date={2018-09-11},
|
||
pages={14}
|
||
},
|
||
|
||
@proceedings{ebpf_JIT_demystify_page17-22,
|
||
title={Demystify eBPF JIT Compiler},
|
||
url={https://www.netronome.com/media/documents/demystify-ebpf-jit-compiler.pdf},
|
||
institution={Netronome},
|
||
author={Jiong Wang},
|
||
date={2018-09-11},
|
||
pages={17-22}
|
||
},
|
||
|
||
@book{brendan_gregg_bpf_book_bpf_vm,
|
||
title={BPF performance tools},
|
||
author={Brendan Gregg},
|
||
url={https://learning.oreilly.com/library/view/bpf-performance-tools/9780136588870/ch02.xhtml#:-:text=With%20JIT%20compiled%20code%2C%20i,%20other%20native%20kernel%20code}
|
||
},
|
||
|
||
@manual{jit_enable_setting,
|
||
title={bpf\_jit\_enable},
|
||
url={https://sysctl-explorer.net/net/core/bpf_jit_enable/}
|
||
},
|
||
|
||
@manual{ebpf_verifier_kerneldocs,
|
||
title={eBPF verifier},
|
||
url={https://kernel.org/doc/html/latest/bpf/verifier.html}
|
||
},
|
||
|
||
@online{ebpf_bounded_loops,
|
||
title={Bounded loops in BPF for the 5.3 kernel},
|
||
url={https://lwn.net/Articles/794934/},
|
||
date={2019-06-30},
|
||
author={Marta Rybczynska}
|
||
},
|
||
|
||
@manual{ebpf_maps_kernel,
|
||
title={eBPF maps},
|
||
url={https://www.kernel.org/doc/html/latest/bpf/maps.html}
|
||
},
|
||
|
||
@manual{ebpf_maps_rddocs,
|
||
title={eBPF maps},
|
||
url={https://prototype-kernel.readthedocs.io/en/latest/bpf/ebpf_maps.html}
|
||
},
|
||
|
||
@manual{bpf_syscall,
|
||
title={bpf(2)- Linux manual page},
|
||
url={https://man7.org/linux/man-pages/man2/bpf.2.html}
|
||
},
|
||
|
||
@manual{ebpf_helpers,
|
||
title={bpf-helpers(7)- Linux manual page},
|
||
url={https://man7.org/linux/man-pages/man7/bpf-helpers.7.html}
|
||
},
|
||
|
||
@online{xdp_gentle_intro,
|
||
title={A Gentle Introduction to XDP},
|
||
date={2022-02-03},
|
||
url={https://www.seekret.io/blog/a-gentle-introduction-to-xdp/},
|
||
author={Daniel Lavie}
|
||
},
|
||
|
||
@manual{xdp_manual,
|
||
title={XDP actions},
|
||
url={https://prototype-kernel.readthedocs.io/en/latest/networking/XDP/implementation/xdp_actions.html}
|
||
},
|
||
|
||
@online{tc_differences,
|
||
title={tc/BPF and XDP/BPF},
|
||
url={https://liuhangbin.netlify.app/post/ebpf-and-xdp/},
|
||
date={2019-03-13},
|
||
author={Hangbin}
|
||
},
|
||
|
||
@online{tc_direct_action,
|
||
title={Understanding tc “direct action” mode for BPF},
|
||
url={https://qmonnet.github.io/whirl-offload/2020/04/11/tc-bpf-direct-action/},
|
||
date={2020-04-11},
|
||
author={Quentin Monnet}
|
||
},
|
||
|
||
@online{tc_docs_complete,
|
||
title={Traffic Control HOWTO},
|
||
url={http://linux-ip.net/articles/Traffic-Control-HOWTO/},
|
||
author={Martin A. Brown},
|
||
date={2006-10-01}
|
||
},
|
||
|
||
@online{tc_ret_list_complete,
|
||
title={Linux kernel source tree},
|
||
url={https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/pkt_cls.h},
|
||
indextitle={index : kernel/git/torvalds/linux.git}
|
||
},
|
||
|
||
@manual{tp_kernel,
|
||
title={Using the Linux Kernel Tracepoints},
|
||
url={https://www.kernel.org/doc/html/latest/trace/tracepoints.html},
|
||
author={Mathieu Desnoyers}
|
||
},
|
||
|
||
@manual{kprobe_manual,
|
||
title={Kernel Probes (Kprobes)},
|
||
author={Jim Keniston, Prasanna S Panchamukhi, Masami Hiramatsu},
|
||
url={https://www.kernel.org/doc/html/latest/trace/kprobes.html}
|
||
},
|
||
|
||
@online{kallsyms_kernel,
|
||
title={kallsyms: new /proc/kallmodsyms with builtin modules and symbol sizes},
|
||
author={Nick Alcock},
|
||
date={2021-06-06},
|
||
url={https://lwn.net/Articles/862021/}
|
||
},
|
||
|
||
@online{bcc_github,
|
||
title={BPF Compiler Collection (BCC)},
|
||
url={https://github.com/iovisor/bcc}
|
||
},
|
||
|
||
@online{libbpf_upstream,
|
||
title={BPF next kernel tree},
|
||
url={https://kernel.googlesource.com/pub/scm/linux/kernel/git/bpf/bpf-next}
|
||
},
|
||
|
||
@online{libbpf_github,
|
||
indextitle={libbpf GitHub},
|
||
url={https://github.com/libbpf/libbpf}
|
||
},
|
||
|
||
@online{libbpf_core,
|
||
title={BPF Portability and CO-RE},
|
||
url={https://facebookmicrosites.github.io/bpf/blog/2020/02/19/bpf-portability-and-co-re.html},
|
||
author={Andrii Nakryiko},
|
||
date={2020-02-19}
|
||
},
|
||
|
||
@manual{ebpf_kernel_flags,
|
||
title={Installing BCC: Kernel Configuration},
|
||
url={https://github.com/iovisor/bcc/blob/master/INSTALL.md}
|
||
},
|
||
|
||
@manual{ubuntu_caps,
|
||
title={capabilities - overview of Linux capabilities},
|
||
url={http://manpages.ubuntu.com/manpages/trusty/man7/capabilities.7.html}
|
||
},
|
||
|
||
@proceedings{evil_ebpf_p9,
|
||
institution = {NCC Group},
|
||
author = {Jeff Dileo},
|
||
organization= {DEFCON 27},
|
||
eventtitle = {Evil eBPF Practical Abuses of an In-Kernel Bytecode Runtime},
|
||
url = {https://raw.githubusercontent.com/nccgroup/ebpf/master/talks/Evil_eBPF-DC27-v2.pdf},
|
||
pages={9}
|
||
},
|
||
|
||
@online{ebpf_caps_intro,
|
||
title={[PATCH v7 bpf-next 1/3] bpf, capability: Introduce CAP\_BPF},
|
||
url={https://lore.kernel.org/bpf/20200513230355.7858-2-alexei.starovoitov@gmail.com/}
|
||
},
|
||
|
||
@online{ebpf_caps_lwn,
|
||
title={capability: introduce CAP\_BPF and CAP\_TRACING},
|
||
url={https://lwn.net/Articles/797807/}
|
||
},
|
||
|
||
@online{unprivileged_ebpf,
|
||
title={Reconsidering unprivileged BPF},
|
||
url={https://lwn.net/Articles/796328/}
|
||
},
|
||
|
||
@online{cve_unpriv_ebpf,
|
||
title={CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability},
|
||
url={https://www.openwall.com/lists/oss-security/2022/01/11/4}
|
||
},
|
||
|
||
@online{unpriv_ebpf_ubuntu,
|
||
title={Unprivileged eBPF disabled by default for Ubuntu 20.04 LTS, 18.04 LTS, 16.04 ESM},
|
||
url={https://discourse.ubuntu.com/t/unprivileged-ebpf-disabled-by-default-for-ubuntu-20-04-lts-18-04-lts-16-04-esm/27047}
|
||
},
|
||
|
||
@online{unpriv_ebpf_redhat,
|
||
title={CVE-2022-0002},
|
||
url={https://access.redhat.com/security/cve/cve-2021-4001}
|
||
},
|
||
|
||
@online{unpriv_ebpf_suse,
|
||
title={Security Hardening: Use of eBPF by unprivileged users has been disabled by default},
|
||
url={https://www.suse.com/support/kb/doc/?id=000020545}
|
||
},
|
||
|
||
@manual{8664_params_abi,
|
||
title={System V Application Binary Interface
|
||
AMD64 Architecture Processor Supplement},
|
||
author={H.J. Lu et al.},
|
||
pages={148},
|
||
date={2018-01-28},
|
||
url={https://raw.githubusercontent.com/wiki/hjl-tools/x86-psABI/x86-64-psABI-1.0.pdf}
|
||
},
|
||
|
||
@proceedings{ebpf_friends_p15,
|
||
institution = {Datadog},
|
||
author = {Guillaume Fournier, Sylvain Afchainthe},
|
||
organization= {DEFCON 29},
|
||
eventtitle = {Cyber Threats 2021: A year in Retrospect},
|
||
url = {https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf},
|
||
pages={15}
|
||
},
|
||
|
||
@online{ebpf_override_return,
|
||
title={BPF-based error injection for the kernel},
|
||
url={https://lwn.net/Articles/740146/}
|
||
},
|
||
|
||
@online{code_kernel_open,
|
||
indextitle={Linux kernel source code},
|
||
url={https://elixir.bootlin.com/linux/v5.11/source/fs/open.c#L1192}
|
||
},
|
||
|
||
@online{code_kernel_syscall,
|
||
indextitle={Linux kernel source code},
|
||
url={https://elixir.bootlin.com/linux/v5.11/source/include/linux/syscalls.h#L233}
|
||
},
|
||
|
||
@online{fault_injection,
|
||
title={Injecting faults into the kernel},
|
||
url={https://lwn.net/Articles/209257/},
|
||
date={2006-11-04}
|
||
},
|
||
|
||
@online{mem_page_arch,
|
||
title={Memory Management 101: Introduction
|
||
to Memory Management in Linux},
|
||
url={https://events19.linuxfoundation.org/wp-content/uploads/2017/12/MM-101-Introduction-to-Linux-Memory-Management-Christoph-Lameter-Jump-Trading-LLC-1.pdf},
|
||
date={2017-12-01},
|
||
author={Christopher Lameter},
|
||
organization={The Linux Foundation Open Source Summit},
|
||
institution={Jump Trading LLC}
|
||
},
|
||
|
||
@online{page_faults,
|
||
title={Understanding page faults and memory swap-in/outs},
|
||
url={https://scoutapm.com/blog/understanding-page-faults-and-memory-swap-in-outs-when-should-you-worry},
|
||
date={2019-08-19},
|
||
author={Doug Breaker}
|
||
},
|
||
|
||
@online{mem_arch_proc,
|
||
title={Stack-based Buffer Overflow - Part 1},
|
||
url={https://h3xduck.github.io/exploit/2021/05/23/stackbufferoverflow-part1.html},
|
||
date={2021-05-23},
|
||
author={Marcos Sánchez Bajo}
|
||
},
|
||
|
||
@manual{8664_params_abi_p18,
|
||
title={System V Application Binary Interface
|
||
AMD64 Architecture Processor Supplement},
|
||
author={H.J. Lu et al.},
|
||
pages={18},
|
||
date={2018-01-28},
|
||
url={https://raw.githubusercontent.com/wiki/hjl-tools/x86-psABI/x86-64-psABI-1.0.pdf}
|
||
},
|
||
|
||
@online{write_helper_non_fault,
|
||
title={probe\_write\_common\_error},
|
||
url={https://www.spinics.net/lists/bpf/msg16795.html}
|
||
},
|
||
|
||
@online{code_vfs_read,
|
||
indextitle={Linux kernel source code},
|
||
url={https://elixir.bootlin.com/linux/v5.11/source/fs/read_write.c#L476}
|
||
},
|
||
|
||
@manual{8664_params_abi_p1922,
|
||
title={System V Application Binary Interface
|
||
AMD64 Architecture Processor Supplement},
|
||
author={H.J. Lu et al.},
|
||
pages={19-22},
|
||
date={2018-01-28},
|
||
url={https://raw.githubusercontent.com/wiki/hjl-tools/x86-psABI/x86-64-psABI-1.0.pdf}
|
||
},
|
||
|
||
@online{network_layers,
|
||
title={The Network Layers Explained [with examples]},
|
||
author={Alienor},
|
||
date={2018-11-28},
|
||
url={https://www.plixer.com/blog/network-layers-explained/}
|
||
},
|
||
|
||
@online{tcp_reliable,
|
||
title={Transmission Control Protocol},
|
||
date={2022-04-19},
|
||
organization={IBM},
|
||
url={https://www.ibm.com/docs/en/aix/7.2?topic=protocols-transmission-control-protocol}
|
||
},
|
||
|
||
@online{tcp_handshake,
|
||
title={Three-Way Handshake},
|
||
url={https://www.sciencedirect.com/topics/computer-science/three-way-handshake}
|
||
},
|
||
|
||
@proceedings{evil_ebpf_p6974,
|
||
institution = {NCC Group},
|
||
author = {Jeff Dileo},
|
||
organization= {DEFCON 27},
|
||
eventtitle = {Evil eBPF Practical Abuses of an In-Kernel Bytecode Runtime},
|
||
url = {https://raw.githubusercontent.com/nccgroup/ebpf/master/talks/Evil_eBPF-DC27-v2.pdf},
|
||
pages={69-74}
|
||
},
|
||
|
||
@proceedings{ebpf_friends_p37,
|
||
institution = {Datadog},
|
||
author = {Guillaume Fournier, Sylvain Afchainthe},
|
||
organization= {DEFCON 29},
|
||
eventtitle = {Cyber Threats 2021: A year in Retrospect},
|
||
url = {https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf},
|
||
pages={37}
|
||
},
|
||
|
||
@online{rop_prog_finder,
|
||
title={ROPgadget Tool},
|
||
url={https://github.com/JonathanSalwan/ROPgadget}
|
||
},
|
||
|
||
@online{glibc,
|
||
title={The GNU C library},
|
||
url={https://www.gnu.org/software/libc/}
|
||
},
|
||
|
||
@online{plt_got_technovelty,
|
||
title={PLT and GOT - the key to code sharing and dynamic libraries},
|
||
author={Ian Wienand},
|
||
url={https://www.technovelty.org/linux/plt-and-got-the-key-to-code-sharing-and-dynamic-libraries.html},
|
||
date={2011-05-11}
|
||
},
|
||
|
||
@online{plt_got_overlord,
|
||
title={GOT and PLT for pwning.},
|
||
author={David Tomaschik},
|
||
url={https://systemoverlord.com/2017/03/19/got-and-plt-for-pwning.html},
|
||
date={2017-03-19}
|
||
},
|
||
|
||
@manual{elf,
|
||
title={ELF},
|
||
url={https://wiki.osdev.org/ELF}
|
||
},
|
||
|
||
@online{pie_exploit,
|
||
title={Position Independent Code},
|
||
url={https://ir0nstone.gitbook.io/notes/types/stack/pie}
|
||
},
|
||
|
||
@online{aslr_pie_intro,
|
||
title={aslr/pie intro},
|
||
url={https://guyinatuxedo.github.io/5.1-mitigation_aslr_pie/index.html#aslrpie-intro}
|
||
},
|
||
|
||
@online{relro_redhat,
|
||
title={Hardening ELF binaries using Relocation Read-Only (RELRO)},
|
||
author={Huzaifa Sidhpurwala},
|
||
date={2019-01-28},
|
||
url={https://www.redhat.com/en/blog/hardening-elf-binaries-using-relocation-read-only-relro}
|
||
},
|
||
|
||
@online{cet_windows,
|
||
title={R.I.P ROP: CET Internals in Windows 20H1},
|
||
author={Yarden Shafir, Alex Ionescu},
|
||
date={2020-05-01},
|
||
url={https://windows-internals.com/cet-on-windows/}
|
||
},
|
||
|
||
@online{cet_linux,
|
||
title={Another Round Of Intel CET Patches, Still Working Toward Linux Kernel Integration},
|
||
author={Michael Larabel},
|
||
date={2021-07-21},
|
||
url={https://www.phoronix.com/scan.php?page=news_item&px=Intel-CET-v29}
|
||
},
|
||
|
||
@online{canary_exploit,
|
||
title={Stack Canaries},
|
||
url={https://ir0nstone.gitbook.io/notes/types/stack/canaries}
|
||
},
|
||
|
||
@online{rawtcp_lib,
|
||
title={RawTCP\_Lib},
|
||
author={Marcos Sánchez Bajo},
|
||
url={https://github.com/h3xduck/RawTCP_Lib}
|
||
},
|
||
|
||
@manual{proc_fs,
|
||
title={proc(5) — Linux manual page},
|
||
url={https://man7.org/linux/man-pages/man5/proc.5.html}
|
||
},
|
||
|
||
@online{proc_mem_write,
|
||
title={enable writing to /proc/pid/mem},
|
||
url={https://lwn.net/Articles/433326/}
|
||
},
|
||
|
||
@online{reverse_shell,
|
||
title={Reverse Shell},
|
||
url={https://www.imperva.com/learn/application-security/reverse-shell/}
|
||
},
|
||
|
||
@online{sudoers_man,
|
||
title={die.net sudoers(5) - Linux man page},
|
||
url={https://linux.die.net/man/5/sudoers}
|
||
},
|
||
|
||
@online{syscall_reference,
|
||
title={Linux Syscall Reference (64bit)},
|
||
url={https://syscalls64.paolostivanin.com/}
|
||
},
|
||
|
||
@online{code_kernel_execve,
|
||
indextitle={Linux kernel code},
|
||
url={https://elixir.bootlin.com/linux/v5.11/source/fs/exec.c#L2054}
|
||
},
|
||
|
||
@online{environ,
|
||
title={How to Set and List Environment Variables in Linux},
|
||
date={2021-06-03},
|
||
url={https://linuxize.com/post/how-to-set-and-list-environment-variables-in-linux/}
|
||
},
|
||
|
||
@online{execve_man,
|
||
title={execve(2) — Linux manual page},
|
||
url={https://man7.org/linux/man-pages/man2/execve.2.html}
|
||
},
|
||
|
||
@online{bpf_probe_write_user_errors,
|
||
title={[iovisor-dev] Accessing user memory and minor page faults},
|
||
date = {2017-08-06},
|
||
url={https://lists.linuxfoundation.org/pipermail/iovisor-dev/2017-September/001035.html}
|
||
},
|
||
|
||
@online{c_standard_main,
|
||
title={Main function},
|
||
url={https://en.cppreference.com/w/c/language/main_function}
|
||
},
|
||
|
||
@online{busybox_argv,
|
||
title={BusyBox Examples},
|
||
url={https://en.wikipedia.org/wiki/BusyBox#Examples}
|
||
},
|
||
|
||
@online{ips,
|
||
title={What is an intrusion prevention system?},
|
||
organization={VMware},
|
||
url={https://www.vmware.com/topics/glossary/content/intrusion-prevention-system.html}
|
||
},
|
||
|
||
@online{port_knocking,
|
||
title={Port Knocking -- Network Authentication Across Closed Ports},
|
||
author={Martin Krzywinski},
|
||
url={https://www.muppetwhore.net/sysadmin/html/v12/i06/a2.htm}
|
||
},
|
||
|
||
@report{bvp47_report_p49,
|
||
institution = {Pangu Lab},
|
||
title = {Bvp47 Top-tier Backdoor of US NSA Equation Group},
|
||
date = {2022-02-23},
|
||
pages={49},
|
||
url = {https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf}
|
||
},
|
||
|
||
@online{pangu_lab,
|
||
title={Welcome to Pangu Research Lab},
|
||
url={https://pangukaitian.github.io/pangu/?lg=en}
|
||
},
|
||
|
||
@online{rfc_tcp4,
|
||
title={TFC 793},
|
||
institution={Information Sciences Institute, University of Southern California},
|
||
date={1981-09-01},
|
||
url={https://datatracker.ietf.org/doc/html/rfc793}
|
||
},
|
||
|
||
@online{tcp_syn_payload,
|
||
title={TCP Fast Open: expediting web services},
|
||
date={2012-08-01},
|
||
author={Michael Kerrisk},
|
||
url={https://lwn.net/Articles/508865/}
|
||
},
|
||
|
||
@book{cisco_syn_firewall,
|
||
title={CCNP Security Firewall 642-617 Official Cert Guide},
|
||
date={2011-10-01},
|
||
author={David Hucaby, David Garneau, Anthony Sequeira},
|
||
page={436},
|
||
url={https://books.google.es/books?id=-lvwaqFbIS8C&dq=syn+packet+firewall+ignore+payload}
|
||
},
|
||
|
||
@online{hive_implant,
|
||
title={(U) Hive Engineering Development Guide},
|
||
date = {2014-10-15},
|
||
url={https://wikileaks.org/vault7/document/hive-DevelopersGuide/hive-DevelopersGuide.pdf}
|
||
},
|
||
|
||
@online{crc,
|
||
title={Cyclic redundancy check},
|
||
organization={Wikipedia},
|
||
url={https://en.wikipedia.org/wiki/Cyclic_redundancy_check}
|
||
},
|
||
|
||
@online{file_descriptors,
|
||
title={File Descriptor},
|
||
url={http://www.cse.cuhk.edu.hk/~ericlo/teaching/os/lab/11-FS/fd.html}
|
||
},
|
||
|
||
@online{raw_sockets,
|
||
title={raw(7) — Linux manual page},
|
||
urlhttps://man7.org/linux/man-pages/man7/raw.7.html={}
|
||
},
|
||
|
||
@online{cron,
|
||
title={How To Add Jobs To cron Under Linux or UNIX},
|
||
date={2022-06-02},
|
||
author={Vivek Gite},
|
||
url={https://www.cyberciti.biz/faq/how-do-i-add-jobs-to-cron-under-linux-or-unix-oses/}
|
||
},
|
||
|
||
@online{linux_daemons,
|
||
title={Linux Jargon Buster: What are Daemons in Linux?},
|
||
date={2021-06-05},
|
||
author={Bill Dyer},
|
||
url={https://itsfoss.com/linux-daemons/}
|
||
},
|
||
|
||
@online{code_kernel_getdents64,
|
||
indextitle={Linux kernel source code},
|
||
url={https://elixir.bootlin.com/linux/v5.11/source/fs/readdir.c#L351}
|
||
},
|
||
|
||
@online{getdents_man,
|
||
title={getdents(2) — Linux manual page},
|
||
url={https://man7.org/linux/man-pages/man2/getdents.2.html}
|
||
},
|
||
|
||
@online{code_kernel_linux_dirent64,
|
||
indextitle={Linux kernel source code},
|
||
url={https://elixir.bootlin.com/linux/v5.11/source/include/linux/dirent.h#L5}
|
||
},
|
||
|
||
@online{code_kerel_getdents_buffer_alignation,
|
||
indextitle={Linux kernel source code},
|
||
url={https://elixir.bootlin.com/linux/v5.11/source/fs/readdir.c#L313}
|
||
},
|
||
|
||
@online{xcellerator_getdents,
|
||
title={Linux Rootkits Part 6: Hiding Directories},
|
||
date={2020-09-19},
|
||
author={TheXcellerator},
|
||
url={https://xcellerator.github.io/posts/linux_rootkits_06/}
|
||
},
|
||
|
||
@online{embracethered_getdents,
|
||
title={Offensive BPF: Understanding and using bpf\_probe\_write\_user},
|
||
date={2021-10-20},
|
||
author={Johann Rehberger},
|
||
url={https://embracethered.com/blog/posts/2021/offensive-bpf-libbpf-bpf_probe_write_user/}
|
||
},
|
||
|
||
@online{dtype_dirent,
|
||
title={Format of a Directory Entry},
|
||
url={https://www.gnu.org/software/libc/manual/html_node/Directory-Entries.html}
|
||
},
|
||
|
||
@online{virtualbox_page,
|
||
title={VirtualBox},
|
||
url={https://www.virtualbox.org/}
|
||
},
|
||
|
||
@online{bridged_networking,
|
||
title={Bridgeg Networking},
|
||
url={https://docs.oracle.com/en/virtualization/virtualbox/6.0/user/network_bridged.html}
|
||
},
|
||
|
||
@online{nat_comptia,
|
||
title={What Is NAT?},
|
||
institution={CompTIA},
|
||
url={https://www.comptia.org/content/guides/what-is-network-address-translation}
|
||
},
|
||
|
||
@online{kernel_modules_restrict,
|
||
title={Increasing Linux kernel integrity},
|
||
author={Michael Boelen},
|
||
date={2015-05-12},
|
||
url={https://linux-audit.com/increase-kernel-integrity-with-disabled-linux-kernel-modules-loading/}
|
||
}
|
||
|
||
|
||
|
||
|
||
|