Rootkit Programming

Praktika	6 SWS / 10 ECTS
Veranstalter:	Manuel Andreas
Zeit und Ort:	Preliminary Meeting: Thursday, 30.01.2025 / 12.00 h in / Room 01.08.033
Beginn:

The lecture is given in english

The slides are available in english

The exam will be in english

Dates

Preliminary Meeting: Thursday, 30.01.2025 / 12.00 h in / Room 01.08.033
Slides Preliminary Meeting: slides

Registration

Solve the qualification challenge individually: https://courses.sec.in.tum.de/static/rk-qual-25s.tar.gz
Submit your flag at https://courses.sec.in.tum.de/rootkit
Register via the matching system

In this lab, we will take an in-depth look at the functionality of Linux-based rootkits. Students will first be introduced to Linux user space rootkits, before diving into basic Loadable Kernel Module (LKM) programming. Based on this knowledge, students will then be tasked with implementing various rootkit functionality in kernel space. The target platform is primarily x86-64 and the Linux 6.X kernel. In addition, we will cover rootkit protection and detection mechanisms and how to defeat them in practice.

The goal of this lab is to provide students with detailed knowledge of how rootkits work and the internals of the Linux kernel.

Literature

	Understanding the Linux Kernel Daniel P. Bovet & Marco Cesati,Third Edition, O'Reilly, 2005
	Linux Device Drivers Jonathan Corbet, Alessandro Rubini, & Greg Kroah-Hartman, Third Edition, O'Reily, 2005

Rootkit Programming