Injecting into Linux processes is nothing new, but it's a great way to get malicious code running without an additional process.Libpcap is also nothing new, but it's a great way to have malware wait for something interesting.Systemd is somewhat new, but it's a great place to inject malware using libpcap.Or so I thought.This talk follows the speaker's journey trying to inject a libpcap-based tool into systemd.Along the way we'll see how to get a running process to load a library, hook functions the easy way, and dodge selinux.
Stuart is a Red Teamer at IronNet, where he focuses on tool development, Unix, and general Swiss Army knifery.He's been on the offensive side of public and private sector security for six years, during which time he's been an operator and trainer and developed a small arsenal of public and private offensive tools. Stuart's been a speaker at BSides and CarolinaCon and has red teamed for Quantum Dawn and the Collegiate Cyber Defense Competition.