TMP.0UT

TMP.0UT stands on the shoulders of giants, and we lend a hand for the next generation of giants to stand on ours.

This repo contains an appendix of resources and links to our own work and the work of others. If something looks out of place, or you disagree with the categorization of a resource, drop us a PR and we will review it!

If you see your work cited here and would like us to credit in a more specific way, please let us know!

Links

These links appear in no particular order, and some remain unsorted:

Basic Reading

• http://h0mbre.github.io/Learn-C-By-Creating-A-Rootkit/

• http://gajastechnologies.blogspot.com/2016/12/how-to-create-virus-using-assembly.html

• http://notes.eatonphil.com/emulating-amd64-starting-with-elf.html?s=09

• http://cirosantilli.com/elf-hello-world

• http:https://labs.portcullis.co.uk/blog/fixing-the-links-hardening-the-linker/

• http://blogs.oracle.com/solaris/how-to-strip-an-elf-object-without-fully-understanding-it-v2

• http://www.conradk.com/codebase/2017/05/28/elf-from-scratch/

Analysis

• http://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/

• http://www.intezer.com/blog/malware-analysis/elf-malware-analysis-101-initial-analysis/

• http://fluxius.handgrep.se/2011/10/20/the-art-of-elf-analysises-and-exploitations/

• http://repository.root-me.org/Virologie/EN%20-%20Linux%20viruses%20%E2%80%93%20ELF%20file%20format.pdf

• http://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/

Standards

• http://man7.org/linux/man-pages/man5/elf.5.html

Tools

• http://github.com/eliben/pyelftools/blob/master/elftools/elf/elffile.py

• http://remnux.org/

• http://github.com/sad0p/go-readelf

• http://github.com/elfmaster/dt_infect

• http://github.com/NickStephens/elfit

• http://www.muppetlabs.com/~breadbox/software/elfkickers.html

• http://github.com/xoreaxeaxeax/sandsifter

Abuse & Exploitation

• http://blog.mdsec.co.uk/2015/05/my-lulzy-pwniez-abusing-kernel-elf.html

• http://fluxius.handgrep.se/2011/10/20/the-art-of-elf-analysises-and-exploitations/

• http://github.com/jtRIPper/parasite

• http://compilepeace.medium.com/malware-engineering-part-0x1-that-magical-elf-5be3556ecb2b

• Zenbleed by Tavis Ormandy

• http://cranklin.wordpress.com/2016/12/26/how-to-create-a-virus-using-the-assembly-language/

• http://tms.dicp.de/~alba/virus-writing-HOWTO/_html/index.html

• http://github.com/geekaaron/elf64-hijack

• http://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/

• http://vx-underground.org/papers/VXUG/Mirrors/Injection/linux/blog.gdssecurity.com-Linux%20based%20inter-process%20code%20injection%20withoutnbspptrace2.pdf

• http://virus.enemy.org/virus-writing-HOWTO/_html/

• http://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/

• http://lkmidas.github.io/posts/20210128-linux-kernel-pwn-part-2/

ELF Malware

• http://github.com/cranklin/cranky-data-virus

• http://hacktracking.blogspot.com/search/label/virus

Techniques

• http://github.com/xcellerator/linux_kernel_hacking/tree/master/3_RootkitTechniques

• http:https://labs.portcullis.co.uk/presentations/breaking-the-links-exploiting-the-linker/

PoCs

CTFs & Practice

• http://medium.com/bugbountywriteup/linux-reverse-engineering-ctfs-for-beginners-4cf03ff2cfb4

Golf

• http://github.com/xcellerator/libgolf

Publications

• http://nnc3.com/mags/LJ_1994-2014/LJ/213/11185.html

• http://phrack.org/issues/55/7.html

• http:https://github.com/0xricksanchez/paper_collection

• http://www.phrack.org/issues/56/7.html

• http:https://n0.lol/ebm/1.html

• http:https://n0.lol/ebm/2.html

• http:https://n0.lol/ebm/3.html

• http:https://n0.lol/ebm/4.html

• http://www.exploit-db.com/papers?author=8947

• http://www.nytimes.com/2004/02/08/magazine/the-virus-underground.html

Videos

• http://www.youtube.com/watch?v=VLmrsfSE-tA

Unsorted

http://twitter.com/s01den/status/1290600208582299648 http://www.goldsborough.me/c/low-level/kernel/2016/08/29/16-48-53-the_-ld_preload-_trick/
http://www.kernel.org/doc/Documentation/trace/ftrace.txt
http://github.com/torvalds/linux/blob/master/fs/binfmt_elf.c
http://www.wiw.org/~meta/vlad.php?read=ARTICLE.2_4&issue=7&desc=STAOG%20Linux%20Virus
http://github.com/xcellerator/linux_kernel_hacking/tree/master/3_RootkitTechniques/3.3_set_root http://blog.fbkcs.ru/elf-in-memory-execution/
http://vxheaven.org/lib/vhe02.html
http://vxheaven.org/lib/vhe06.html
http://github.com/iovisor/bcc/blob/master/docs/reference_guide.md
http://justine.lol/ape.html
http://github.com/xcellerator/linux_kernel_hacking/blob/master/3_RootkitTechniques/3.0_hiding_lkm/rootkit.c http://llvm.org/docs/WritingAnLLVMPass.html
http://vxheaven.org/lib/vrn00.html
http://github.com/marin-m/vmlinux-to-elf/
http://www.intezer.com/blog/malware-analysis/executable-linkable-format-101-part-2-symbols/
http://www.intezer.com/blog/research/executable-linkable-format-101-part1-sections-segments/
http://opensource.com/article/21/1/gnu-project-debugger
http://www.rfxn.com/projects/linux-malware-detect/
http://jm33.me/emp3r0r-process-injection-and-persistence.html
http://raw.githubusercontent.com/mozilla/positron/master/build/unix/elfhack/elfhack.cpp
http://www.sad0p-re.org/
http://www.drkns.net/kernel-who-does-magic/ http://phobosys.de/blog_january_21.html http://vx-underground.org/zines/Codebreakerz/cb1/Codbrk03.txt http://vx-underground.org/zines/Codebreakerz/cb1/ http://github.com/NixOS/patchelf
http://github.com/netspooky/golfclub/tree/master/linux http://www.vx-underground.org/archive/VxHeaven/lib/vrn00.html
http://www.redhat.com/en/blog/hardening-elf-binaries-using-relocation-read-only-relro
http://android.googlesource.com/platform/external/libunwind/+/262c86e/src/dwarf/
http://cobalt.googlesource.com/cobalt/+/9fd106630afcfc799d1f7d301e19935ee431681e/src/third_party/mozjs-45/build/unix/elfhack http://github.com/xcellerator/libgolf/blob/main/examples/01_dead_bytes/Makefile http://github.com/d3npa/experiments/tree/master/quick_elf_patching_in_rust http://netspooky.medium.com/elf-binary-mangling-part-1-concepts-e00cb1352301 http://n0.lol/bggp/writeup.html
http://bitlackeys.org/papers/secure_code_partitioning_2018.txt http://netspooky.medium.com/elf-binary-mangling-part-3-weaponization-6e11971108b3 http://packetstormsecurity.com/files/12327/elf-pv.txt.html http://www.usenix.org/system/files/conference/woot13/woot13-shapiro.pdf http:https://archive.org/details/dc-20-programming-weird-machines-with-elf http:https://archive.org/details/the-bits-between-the-bits-how-we-get-to-main-matt-godbolt http://lcamtuf.coredump.cx/soft/ld-expl http://blog.rapid7.com/2019/01/03/santas-elfs-running-linux-executables-without-execve/ http://github.com/cuviper/elfutils/blob/master/src/strip.c http://github.com/mewmew/dissection http://marc.info/?l=unix-virus http://timelessname.com/elfbin/ http://www.kitploit.com/2021/01/drow-injects-code-into-elf-executables.html?m=1&s=09
http://www.goldsborough.me/c/low-level/kernel/2016/08/29/16-48-53-the_-ld_preload-_trick/
http://fasterthanli.me/series/making-our-own-executable-packer/part-1
http://redcanary.com/blog/heavens-gate-technique-on-linux/
http://www.exploit-db.com/papers/14087/
http://github.com/cloudsec/elfpack/blob/master/elfpack.s
http://mbobrowski.org/research/runtime-process-infection-via-plt-got.html
http://kishuagarwal.github.io/life-of-a-binary.html
http://stffrdhrn.github.io/hardware/embedded/openrisc/2019/11/29/relocs.html http://github.com/elfmaster/libelfmaster
http://github.com/ulexec/Linux.RV/blob/master/rv.asm http://www.phrack.org/archives/issues/61/8.txt
http://wiki.osdev.org/ELF
http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html http://papermint-designs.com/dmo-blog/2016-01-pocrypt-a-proof-of-concept-for-dynamically-decrypt-linux-binaries
http://www.guitmz.com/running-elf-from-memory/
http://medium.com/@MrJamesFisher/understanding-the-elf-4bd60daac571 http://0x00sec.org/t/elfun-file-injector/410 http://github.com/youben11/silvio-text-infect/blob/master/silvio_64.c http://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html http://syscall.sh/ http://blog.w4kfu.com/
http://github.com/MrCheeze/pokered-self-replicator http://github.com/pallada-92/dna-3d-engine
http://s01den.github.io/ http:http://www.nth-dimension.org.uk/pub/BTL.pdf