11-22, 16:05–17:05 (Europe/Vienna), Second Room
This talk looks at operations on Linux targets beneath commands and programs and frames them as executing a series of system calls without fussing about too much with higher-level details, then employs that perspective to rejigger the meat and potatoes of Linux operations just enough to make detection that much harder.
In a sense, Linux ops are just a series of commands sent to some shell we've got calling back to us. That all just boils down to running a bunch of programs (except when it doesn't), but under the hood we're just running a bunch of code to do things, which turns out to be just a convenient way to make system calls, which themselves are just a handy way to ask the Linux kernel to do things for us.
Unjust application of layers of abstraction has, in one Red Teamer's opinion, made Linux seem way more complicated than necessary. In this talk we'll distill Linux operations down to a handful of system calls and a bit of syntax to make them happen and build on that to give ourselves flexibility to operate with ease in the somewhat unpredictable modern landscape of minimal containers, hardened distributions, and so on.
Stuart is a Principal Offensive Security Engineer, focusing on Red Teaming, Unix, and general Swiss Army knifery. He's been on the offensive side of public and private sector security for upwards of a decade, during which time he's been an operator and trainer and developed a small arsenal of public and private offensive tools.