Exploit Lecture: Writing FreeBSD Malware
Yonas Yanfa
yonas at fizk.net
Sat Apr 28 15:53:17 UTC 2018
Peter, who fucking cares if he wears a hat indoors? That's some
old-timey shit!
Can you even explain exactly why it's such a "basic human courtesy"?
Other than, "Because we've always done it that way........".
And to broadcast this for the entire mailing list...WTF MATE??
Welcome to 2018. His head, his rules!
#FreeTheHat #HatNazi #NoHatForYou!
On 04/28/2018 08:53, Peter G. wrote:
> Webb, next time when talking to any audience, remove your fucking hat.
> That's basic human courtesy.
> --
> PG
>
> On 28/04/2018 04:39, grarpamp wrote:
>> https://www.youtube.com/watch?v=bT_k06Xg-BE
>>
>> Without exploit mitigations and with an insecure-by-default design,
>> writing malware for FreeBSD is a fun task, taking us back to 1999-era
>> Linux exploit authorship. Several members of FreeBSD's development
>> team have claimed that Capsicum, a capabilities/sandboxing framework,
>> prevents exploitation of applications. Our in-depth analysis of the
>> topics below will show that in order to be effective, applying
>> Capsicum to existing complex codebases lends itself to wrapper-style
>> sandboxing. Wrapper-style sandbox is a technique whereby privileged
>> operations get wrapped and passed to a segregated process, which
>> performs the operation on behalf of the capsicumized process. With a
>> new libhijack payload, we will demonstrate that wrapper-style
>> sandboxing requires ASLR and CFI for effectiveness. FreeBSD supports
>> neither ASLR nor CFI. Tying into the wrapper-style Capsicum defeat,
>> we'll talk about advances being made with libhijack, a tool announced
>> at Thotcon 0x4. The payload developed in the Capsicum discussion will
>> be used with libhijack, thus making it easy to extend. We will also
>> learn the Mandatory Access Control (MAC) framework in FreeBSD. The MAC
>> framework places hooks into several key places in the kernel. We'll
>> learn how to abuse the MAC framework for writing efficient rootkits.
>> Attendees of this presentation should walk away with the knowledge to
>> skillfully and artfully write offensive code targeting both the
>> FreeBSD userland and the kernel.
>>
>> https://twitter.com/lattera/status/989602709950029824
>>
>> Shawn Webb is a cofounder of HardenedBSD, a hardened downstream
>> distribution of FreeBSD. With over a decade in infosec, he dabbles in
>> both the offensive and defensive aspects of the industry. On the
>> advisory board for Emerald Onion, Shawn believes in a more free and
>> open Internet. His whole house is wired for Tor. Getting on the Tor
>> network is only a network jack away!
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
--
Yonas Yanfa
In Love With Open Source
Drupal <http://drupal.org/user/473174> :: GitHub
<http://github.com/yonas> :: Mozilla
<https://addons.mozilla.org/en-US/thunderbird/user/4614995/>
fizk.net | yonas at fizk.net
More information about the freebsd-security
mailing list