TMP.0UT stands on the shoulders of giants, and we lend a hand for the next generation of giants to stand on ours.
This repo contains an appendix of resources and links to our own work and the work of others.
If you see your work cited here and would like us to credit in a more specific way, please let us know!
A collection of awesome ELF resources
Your contributions are always welcome!
- Bx and the ELF metadata
- Orlando Padilla and binary parsers
- David Smith and Handmade ELFs
- Ignacio Sanmillan / Paul Litvak and ELF 101
- netspooky and ELF Binary Mangling
- Ignat Korchagin and object files
- Patrick Horgan and main()
- Samuel A. Falvo II and ELF
- MaskRay and ELF interposition
- Manu Garg and ELF Auxiliary Vectors
- Aprodu Andrei Ciprian and ELF linking process
- elfmaster and everything about ELF
  - ELF shared library injection forensics
  - Secure ELF parsing/loading library
  - ... and examples
  - Transform vmlinuz into a fully debuggable vmlinux that can be used with /proc/kcore
  - fork-trace
  - extended core file snapshot format and exec
  - Obfuscates dynamic symbol table
  - ftrace and new ftrace
  - hidden process /bin/ps
  - davinci
  - sherlocked
- Tools
- Peter Ferrie and Flibi
- TheXcellerator and Linux Rootkits
  - Linux Rootkits Part 1: Introduction and Workflow
  - Linux Rootkits Part 2: Ftrace and Function Hooking
  - Linux Rootkits Part 3: A Backdoor to Root
  - Linux Rootkits Part 4: Backdooring PRNGs by Interfering with Char Devices
  - Linux Rootkits Part 5: Hiding Kernel Modules from Userspace
  - Linux Rootkits Part 6: Hiding Directories
  - Linux Rootkits Part 7: Hiding Processes
  - Linux Rootkits Part 8: Hiding Open Ports
  - Linux Rootkits Part 9: Hiding Logged In Users (Modifying File Contents Without Touching Disk)
  - Fancy Bear’s a Lumberjack and It’s Okay - A Dive into the Kernel Component of Drovorub
  - Linux Rootkits: New Methods for Kernel 5.7+
- Shreyansh Singh and ELF-Miner
- Lucas Galante + Marcus Botacin and (malware/goodware) binary classification
- elfmaster and ELF vx
- Intezer Labs and malware analysis