October 23-26, 2017 - Prague, Czech Republic
Tuesday, October 24 • 16:55 - 17:35
Subverting the Linux Kernel - Jessica Yu

A 'rootkit' typically refers to malicious software that enables an attacker to mask or obscure traces of intrusion and secure further control over a compromised system. While userland rootkits generally modify specific system binaries, kernel rootkits are especially insidious and powerful in that this class of rootkits can enable an attacker to subvert the heart of the system, granting the ability to modify kernel data structures and code. This talk aims to provide a beginner's introduction to Linux kernel rootkits and an overview of common methods used by attackers to cover their tracks. Since most existing literature on kernel rootkits focuses on older 2.6.x kernels, we'll update these methods for newer kernels as needed. We'll also briefly cover general defenses against kernel rootkits. The talk will conclude with a demo on a modern 4.x kernel that employs the discussed methods and techniques.


Jessica Yu

Software Engineer, Hobbyist
Jessica is a kernel developer maintaining the modules code in the Linux kernel and working on kernel live patching.

Tuesday October 24, 2017 16:55 - 17:35 CEST
  LinuxCon Tracks