This talk is about sharing the experience gained while creating an LKM-based rootkit. The techniques and resources involved will be shared so that others can avoid the overhead of hunting across the internet for the concepts and snippets needed to build an LKM-based rootkit, making things both easier and clearer.
I made my own Linux LKM rootkit, called reveng_rtkit, and I will discuss how I made it. This will be a discussion of how to know which entry point to access, implementing security concepts while developing the right mindset, applying concepts that were already on the market in a different manner to create a chance of evading anti-rootkit tools, implementing syscall interception by finding syscall addresses, kernel-mode function hooking, hiding the rootkit deep inside the kernel so that it is hidden from user-mode programs, making the rootkit unremovable, etc. All of these relate to the red team side of security. I will also cover ways of detecting my rootkit, so that blue teamers become aware of this kind of LKM rootkit; this portion is for blue teamers. This talk is targeted towards red team, blue team and purple team audiences.
Though I have an electronics background, I have an immense interest in information security. I'm learning new stuff day in and day out. I'm more passionate about offensive security than defensive. I have played CTFs and solved 100+ rooms on TryHackMe as well as HackTheBox so far. Nowadays I spend most of my time building scripts/projects and digging deep into Windows system internals. I am currently working as a Security Research Intern. Apart from these, I am also a Mixed Martial Arts practitioner.