YoVDO

Whitelisting LD_PRELOAD for Fun and No Profit

Offered By: 0xdade via YouTube

Tags

ShmooCon Courses, Cybersecurity Courses, Digital Forensics Courses, Linux System Administration Courses

Course Description

Overview

Explore LD_PRELOAD process injection and whitelisting solutions in this ShmooCon 2020 conference talk. See how adversaries exploit LD_PRELOAD, understand its built-in audit system, and learn how to leverage that system for whitelisting. Examine design and implementation considerations for whitelisting, and discover why built-in checks in the dynamic linker are more effective than bolt-on solutions. Follow along as the speaker demonstrates building a whitelisting solution and then bypassing it, emphasizing the importance of integrating security measures closely with code.

Syllabus

Intro
Intro to LD_PRELOAD
Make It Persistent
It Can Be Good!
Evil Use Cases
Hooking Functions
Hooking Example
Execution on Load
Execution Example
The rtld-audit Subsystem
Lots of functions
At First, I Wanted to Log
Intercept Before Load
Let's Block Some Preloads!
Unauthorized Preloads
Monitor & Block Preloads
Enter Libpreloadvaccine!
Simple Logic
Simple Authorized List
Simple Deployment
Catch it in Action!
And Bypass it After!
Keep Security Close to Code


Taught by

0xdade
