Subverting the FreeBSD ABI subsystem for phun and profit

This talk is the final result of personal research into the FreeBSD kernel with the goal of building a clever kernel rootkit framework. The main goal was building tools that would be helpful in the development of FreeBSD rootkits.

A hypothetical rootkit, written with these tools, might be:

  • Flexible
  • Simple to trigger
  • Simple to apply (without going through /dev/kmem or overwriting kernel .text)
  • Efficient
  • Opaque (very difficult to discover)

All these conditions are met by passing through the ABI (kernel binary emulation layer) subsystem.

The talk will show theoretical issues and a practical approach to crafting stealth rootkits with this new technique (in particular the remote usage of rootkits).

speaker: Attilio Rao

location: SITE A0150

Copyright © 2003-2011 BSDCan. All rights reserved.