Exploit Lecture: Writing FreeBSD Malware
freebsd at disroot.org
Sat Apr 28 12:54:02 UTC 2018
Webb, next time when talking to any audience, remove your fucking hat.
That's basic human courtesy.
On 28/04/2018 04:39, grarpamp wrote:
> Without exploit mitigations and with an insecure-by-default design,
> writing malware for FreeBSD is a fun task, taking us back to 1999-era
> Linux exploit authorship. Several members of FreeBSD's development
> team have claimed that Capsicum, a capabilities/sandboxing framework,
> prevents exploitation of applications. Our in-depth analysis of the
> topics below will show that in order to be effective, applying
> Capsicum to existing complex codebases lends itself to wrapper-style
> sandboxing. Wrapper-style sandbox is a technique whereby privileged
> operations get wrapped and passed to a segregated process, which
> performs the operation on behalf of the capsicumized process. With a
> new libhijack payload, we will demonstrate that wrapper-style
> sandboxing requires ASLR and CFI for effectiveness. FreeBSD supports
> neither ASLR nor CFI. Tying into the wrapper-style Capsicum defeat,
> we'll talk about advances being made with libhijack, a tool announced
> at Thotcon 0x4. The payload developed in the Capsicum discussion will
> be used with libhijack, thus making it easy to extend. We will also
> learn the Mandatory Access Control (MAC) framework in FreeBSD. The MAC
> framework places hooks into several key places in the kernel. We'll
> learn how to abuse the MAC framework for writing efficient rootkits.
> Attendees of this presentation should walk away with the knowledge to
> skillfully and artfully write offensive code targeting both the
> FreeBSD userland and the kernel.
> Shawn Webb is a cofounder of HardenedBSD, a hardened downstream
> distribution of FreeBSD. With over a decade in infosec, he dabbles in
> both the offensive and defensive aspects of the industry. On the
> advisory board for Emerald Onion, Shawn believes in a more free and
> open Internet. His whole house is wired for Tor. Getting on the Tor
> network is only a network jack away!
More information about the freebsd-questions