| Field | Value |
|---|---|
| Title | Helikaon Linux Debugger |
| Type | Video |
| Tags | debugger |
| Abstract | The Linux OS is not immune to malware and viruses. The reverse engineer is faced with fighting through anti-debugging protections when trying to understand these binaries. This can be a tedious and time-consuming process. COTS debuggers, such as GDB and IDA Pro, are detected in Linux utilizing a variety of anti-debugging techniques. I have developed a stealthy Linux-driver-based debugger named "Helikaon" that will aid the reverse engineer in debugging a running executable without being detected. Guest Helikaon injects a jump at runtime from kernel land into a running user-mode process rather than using standard debugger breakpoints like "INT 3" or the DR0-DR7 hardware registers. Find out about alternate techniques for dynamic analysis in the Linux environment. |
| Authors | Jason Raber |
| Submitted | April 21, 2009 |
| Rating | Currently 0/5 stars (0 votes). |
| Event | REcon 2008 |
| Source | RECON2008-T07-Jason_Raber-Helikaon_Linux_Debuger.avi |
| Size | 207.4 MB |
| MD5 | c63a5c881bb67b521bdd055998b2a160 |
| SHA1 | 45f0563581dc492009c935e62016b11fdfd41846 |