Learning Linux binary analysis : uncover the secrets of Linux binary analysis with this handy guide

Learning Linux binary analysis uncover the secrets of Linux binary analysis with this handy guide

Uncover the secrets of Linux binary analysis with this handy guide About This Book Grasp the intricacies of the ELF binary format of UNIX and Linux Design tools for reverse engineering and binary forensic analysis Insights into UNIX and Linux memory infections, ELF viruses, and binary protection sch...

Descripción completa

Detalles Bibliográficos
Otros Autores: I'Neill, Ryan "elfmaster", author (author)
Formato: Libro electrónico
Idioma:Inglés
Publicado: Birmingham : Packt Publishing 2016.
Edición:1st edition
Colección:Community experience distilled.
Materias:
Linux.
UNIX (Computer file)
Operating systems (Computers)
Software engineering.
Ver en Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630062606719
Tabla de Contenidos:
  • Cover; Copyright; Credits; About the Author; Acknowledgments; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: The Linux Environment and Its Tools; Chapter 2: The ELF Binary Format; Chapter 3: Linux Process Tracing; Chapter 4: ELF Virus Technology - Linux/Unix Viruses; Chapter 5: Linux Binary Protection; Chapter 6: ELF Binary Forensics in Linux; Chapter 7: Process Memory Forensics; Chapter 8: ECFS - Extended Core File Snapshot Technology; Chapter 9: Linux /proc/kcore Analysis; Index; Linux tools; Useful devices and files; Linker-related environment points
  • SummaryELF file types; ELF program headers; ELF section headers; ELF symbols; ELF relocations; ELF dynamic linking; Coding an ELF Parser; Summary; The importance of ptrace; ptrace requests; The process register state and flags; A simple ptrace-based debugger; A simple ptrace debugger with process attach capabilities; Advanced function-tracing software; ptrace and forensic analysis; Process image reconstruction - from the memory to the executable; Code injection with ptrace; Simple examples aren't always so trivial; Demonstrating the code_inject tool; A ptrace anti-debugging trick; Summary
  • ELF virus technologyELF virus engineering challenges; ELF virus parasite infection methods; The PT_NOTE to PT_LOAD conversion infection method; Infecting control flow; Process memory viruses and rootkits - remote code injection techniques; ELF anti-debugging and packing techniques; ELF virus detection and disinfection; Summary; ELF binary packers - dumb protectors; Stub mechanics and the userland exec; Other jobs performed by protector stubs; Existing ELF binary protectors; Downloading Maya-protected binaries; Anti-debugging for binary protection; Resistance to emulation; Obfuscation methods
  • Protecting control flow integrityOther resources; Summary; The science of detecting entry point modification; Detecting other forms of control flow hijacking; Identifying parasite code characteristics; Checking the dynamic segment for DLL injection traces; Identifying reverse text padding infections; Identifying text segment padding infections; Identifying protected binaries; IDA Pro; Summary; What does a process look like?; Process memory infection; Detecting the ET_DYN injection; Linux ELF core files; Summary; History; The ECFS philosophy; Getting started with ECFS
  • libecfs - a library for parsing ECFS filesreadecfs; Examining an infected process using ECFS; The ECFS reference guide; Process necromancy with ECFS; Learning more about ECFS; Summary; Linux kernel forensics and rootkits; stock vmlinux has no symbols; /proc/kcore and GDB exploration; Direct sys_call_table modifications; Kprobe rootkits; Debug register rootkits - DRR; VFS layer rootkits; Other kernel infection techniques; vmlinux and .altinstructions patching; Using taskverse to see hidden processes; Infected LKMs - kernel drivers; Notes on /dev/kmem and /dev/mem; /dev/mem
  • K-ecfs - kernel ECFS

Ejemplares similares