Interested in getting started with userland rootkits? Brett Mack from OpenCredo will start right from the beginning and show how to create a very basic rootkit!
Brett finds there is so much that can be learned from the InfoSec community; seeing how a system or service can be broken is a great way to learn how it works. This talk aims to provide an introduction to userland rootkits, specifically those that leverage the LD_PRELOAD technique. During the talk, he will take you through creating a very basic rootkit and show how such rootkits work, with a little help from C, the GNU linker, and a tiny bit of assembly (Brett knows neither of these languages well, so it will be kept basic).
An introduction to userland rootkits. How they work and what we can learn from them
Brett Mack is a DevOps consultant working for OpenCredo. He has been a Linux user since the painful days of Mandrake 8.0.