
UNIX ELF Reverse engineering workshop. Learn from the most passionate and well researched hackers in the underworld.


Ryan O'Neill

Apr 5, 2012, 9:37:38 PM
Linux ELF Reverse Engineering classes from Phrack's very own
ELFMaster! (Seattle)
Usual pricing for comparable classes: 2k to 5k.
Our price: 750.00
Led by 'The Elfmaster' AKA Ryan James O. http://arcane.labratory.blogspot.com
Please email me at ryan[at]codeslum.org, or call my assistant at
206-229-0700 and inquire about the 'Blackhat in a Mirror' workshop.
Dates: 4/13 - 4/15 - 24 hours total

Certificate of completion demonstrates that the student is qualified
for Linux malware analysis/mitigation, kernel rootkit detection using
a simple debugger, and understands the more esoteric facets of Linux
user space. On the final day the student is expected to apply their
newly learned skills in a challenge related to virus detection and
disinfection. The winner will receive the chance to co-teach the next
workshop, and will receive my loyal mentorship, just as Silvio Cesare
has been a mentor to me for 14+ years.

Private lesson workshop available for 1200.00, which includes a free
and never-ending mentorship, as well as access to real blackhat
resources and unpublished software related to ELF malware
disinfection, forensics, anti-forensics, and viruses. I have served as
a mentor at times before, and am willing to do this for computer
science majors as well.

Description:

Are you working as a software engineer or computer security
professional, or do you want to learn the arcane wisdom of ELF
(Executable Linking Format), ELF viruses, ELF malware analysis, and
memory infections? We are offering a 3-day course that revolves around
learning to hack Linux binary objects better than the hackers. I am a
hacker; I was investigated by the feds when I was a teenager, but I
now hold a federal clearance through the DoD. I have designed
software that is running on nuclear power plants and missile silos to
prevent hackers from reverse engineering sensitive software. It has
taken me years of software engineering, ELF virus writing, anti-virus
writing, and debugging to understand one of the most tedious subjects
known in Linux computer science. But these skills apply to many
areas, including understanding how programs look in memory and the
different segments that are mapped, such as the heap, the stack, the
text segment and the data segment, which are applicable across Linux,
Mac and Windows. As the instructor, I am taking a dry topic and
turning it into an innovative, exciting experience. Anyone who signs
up will also get a free, never-before-disclosed version of 'Quenya',
an ELF reverse engineering system that can perform everything from
injecting viruses, to removing viruses, to modifying ELF binaries and
process images in ways that only an experienced hacker has the
capacity for innovating.

My credentials are listed below, although I would prefer not to list
my places of work I will list some of my publications and conferences:

1. Kprobe instrumentation of the Linux kernel for Anti-Security:
   Phrack 67, http://www.phrack.org/issues.html?issue=67
2. ELF runtime infection via Global Offset Table poisoning while
   bypassing the mprotect() ptrace restrictions that are implemented
   in PaX. This was on vx.netlux.org, which is currently down for
   investigation.

Conferences:

RuxCon 2010
Kprobe instrumentation of the kernel for anti-security

RuxCon 2011
Real world Linux userspace malware forensics and anti-forensics

ISCJWG
ICS/SCADA Homeland security conference
Anti-exploitation of legacy systems on SCADA/ICS infrastructures

I am currently writing an amazing book on ELF reverse engineering,
which we will be using as part of our syllabus. For all of those
interested here is the table of contents:

ELF Reverse engineering the fun way -- The definitive guide.

0x0. Intro

0x1. ELF Concepts
A. ELF Header
B. Section headers
C. Program headers
D. The text segment
E. The data segment
F. The dynamic segment

0x2. Hacking ELF in creative ways
A. Quenya (The reverse engineering software I designed)
B. Relocatable code injection, and examples of Quenya's relocation
code.
C. PLT/GOT Infection for function hijacking after relocatable code
injection.
D. Writing a text segment padding virus.
E. Userspace antiforensics by injecting and relocating a target
executable into an existing PID.

0x3. Detecting ELF Malware
A. Detecting parasites/viruses on disk
B. Detecting PLT/GOT infections in memory
C. Detecting Text segment modifications in memory
D. Detecting relocatable code injection in memory
E. Detecting ET_EXEC anti-forensic method described in 2.E

0x4. Writing advanced ELF memory software
A. Dumping a dynamically linked process image from memory onto disk.
B. Writing an ELF encryptor/packer
C. Writing an ELF unpacker (To decrypt UPX packed executables for
instance.)

0x5. Detecting kernel malware by comparing vmlinux .text segment
against volatile memory.
A. Writing A custom /dev/kmem LKM
B. Locating the alternative instruction patches that are utilized to
patch the kernels text at runtime
C. Fixing up the runtime patches
D. Comparing the text against kernel memory code.

Each participant upon completing the class will receive a certificate
stating that they have successfully completed a course in using Linux
object utilities and debuggers to reverse engineer ELF objects, as
well as utilize this knowledge to detect userspace and kernel malware
on a system without using any custom software.

Many of these classes are taught by computer security professionals
who are hyped up, such as Dan Kaminsky, a white hat who has been
hacked by blackhats. I admittedly keep my blackhat ties so that I know
what the latest anti-security technologies being utilized are. Please
check out arcane-labratory.blogspot.com to see a slew of ELF
accomplishments.

The classes will be held in Bothell, and each participant is expected
to bring a laptop; if Linux is not available then we will have you
log in to a shell account. These classes typically cost 2k to 3k and
are held at conferences. This workshop will only take place once, and
knowledge of Linux and C is preferable. By the end of this course
you will be familiar with ELF viruses, ELF virus detection, malware
analysis, ELF runtime infection using sys_ptrace(), ELF executables,
shared libraries, shared objects, core files, and even how to decrypt
an encrypted ELF executable.

Why am I doing this? The knowledge I have to present is Arcane, and
few people are worthy of learning it. The truth is, I am looking for a
Mentor, and possibly an employee who I can take on once the time is
right. No favoritism will be displayed, each paying customer will get
an equal amount of attention, and I will be available online via email
and IRC during evenings. The workshop you are going to attend will be
taught by the most reformed and kindly blackhat that you will ever
meet. If the individual is not satisfied with the classes then a
refund is warranted, but only if the student is not able to pass our
final exam with at least a 70%.

Each day is 8 hours, with a one hour lunch break. Homework will be
given over the first two evenings.

What are my own current projects? I am waiting for funding from DARPA
on a contract for a related technology (cannot provide details). I am
also designing linuxforensicsanalysis.pro, which is an extension of the
soon-to-be Bitlackeys.org. The forensics site will provide paying users
the ability to give a daily upload of a compressed snapshot of volatile
memory that will detect hacker intrusion and infection. I strongly
encourage companies such as iSEC, Security Innovation, Pikewerks, and
any company that wants their employees to have a better understanding
of how programs work in memory to take advantage of this powerful,
informative workshop. I can promise that the students will come out
with a better understanding of the C programming language, especially
when and where to allocate certain memory types, why recursive
functions are dangerous, and how to protect their own software against
hackers.

Please call my assistant at 206-229-0700 and ask about the "Black Hat
in a Mirror" workshop. The classes are 4/13/12 - 4/15/12. Food and
refreshments will be provided, and I highly encourage both men and
women to participate. It will be an experience that will forever
change your outlook on computer science and system administration, and
will advance you to a spot where your learning exponentiates at
incredible rates.

I am a hacker. A father. An artist, and a mentor to all those who have
a vehement desire to learn the arcane and esoteric ways of my blackhat
colleagues. Hacking into computer systems is immoral and illegal, but
hacking your own system before an intrusion is truly auspicious, and
any real hacker will respect that. If you are interested you MUST call
my assistant or email me at ryan[at]codeslum.org.
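The syllabus above names the ELF header, section headers and program headers (0x1) and "detecting parasites/viruses on disk" (0x3.A) but does not show what such a check looks like. The following is an added example written for this page; it is not code from the original post, from Quenya, or from the book the post describes. It parses an ELF64 image with the structures from <elf.h> and applies one classic on-disk heuristic for a text-segment padding parasite: the infection moves e_entry to the parasite body, which sits in the page padding after the end of .text, so an entry point outside the .text section is suspicious. The fixture builder and the addresses 0x400000/0x401000 are constructed for the example and are not from the page. The check assumes the section header table is intact; a stripped or packed binary, or a parasite that also rewrites the section headers, yields -1 or a false negative, so in practice it is cross-checked against the program headers and the _start symbol.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bounds-checked section-header lookup; NULL if the index or offset is bad. */
static const Elf64_Shdr *shdr_at(const uint8_t *img, size_t len,
                                 const Elf64_Ehdr *eh, unsigned idx)
{
    uint64_t off = eh->e_shoff + (uint64_t)idx * eh->e_shentsize;
    if (eh->e_shentsize != sizeof(Elf64_Shdr) || idx >= eh->e_shnum ||
        off > len || len - off < sizeof(Elf64_Shdr))
        return NULL;
    return (const Elf64_Shdr *)(img + off);
}

/*  1: e_entry lies inside .text (expected for a clean binary)
 *  0: e_entry lies outside .text (fingerprint of a text-padding parasite)
 * -1: not ELF64, truncated, or no usable .text section (e.g. stripped) */
int elf_entry_in_text(const uint8_t *img, size_t len)
{
    if (len < sizeof(Elf64_Ehdr)) return -1;
    const Elf64_Ehdr *eh = (const Elf64_Ehdr *)img;
    if (memcmp(eh->e_ident, ELFMAG, SELFMAG) != 0 ||
        eh->e_ident[EI_CLASS] != ELFCLASS64 || eh->e_shstrndx == SHN_UNDEF)
        return -1;

    const Elf64_Shdr *strsh = shdr_at(img, len, eh, eh->e_shstrndx);
    if (!strsh || strsh->sh_offset > len || len - strsh->sh_offset < strsh->sh_size)
        return -1;
    const char *strtab = (const char *)(img + strsh->sh_offset);

    for (unsigned i = 0; i < eh->e_shnum; i++) {
        const Elf64_Shdr *sh = shdr_at(img, len, eh, i);
        if (!sh || sh->sh_name >= strsh->sh_size) return -1;
        /* compare only within the string table's remaining bytes */
        if (strncmp(strtab + sh->sh_name, ".text",
                    (size_t)(strsh->sh_size - sh->sh_name)) != 0)
            continue;
        uint64_t lo = sh->sh_addr, hi = sh->sh_addr + sh->sh_size;
        return (eh->e_entry >= lo && eh->e_entry < hi) ? 1 : 0;
    }
    return -1;
}

/* Constructed fixture (not a real binary): ELF64 header, one executable
 * PT_LOAD, sections [0]=NULL [1]=.text [2]=.shstrtab, e_entry = entry. */
static size_t build_fixture(uint8_t *buf, size_t cap, uint64_t entry)
{
    static const char names[] = "\0.text\0.shstrtab"; /* .text@1, .shstrtab@7 */
    const uint64_t text_addr = 0x401000, text_off = 0x1000, text_size = 0x200;
    const uint64_t names_off = 0x1300, sh_off = 0x1400;
    size_t total = sh_off + 3 * sizeof(Elf64_Shdr);
    if (cap < total) return 0;
    memset(buf, 0, total);

    Elf64_Ehdr eh = {0};
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;  eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = ET_EXEC;  eh.e_machine = EM_X86_64;  eh.e_version = EV_CURRENT;
    eh.e_entry = entry;   eh.e_phoff = sizeof eh;    eh.e_shoff = sh_off;
    eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof(Elf64_Phdr);  eh.e_phnum = 1;
    eh.e_shentsize = sizeof(Elf64_Shdr);  eh.e_shnum = 3;  eh.e_shstrndx = 2;
    memcpy(buf, &eh, sizeof eh);

    Elf64_Phdr ph = {0};
    ph.p_type = PT_LOAD;  ph.p_flags = PF_R | PF_X;  ph.p_align = 0x1000;
    ph.p_vaddr = ph.p_paddr = 0x400000;  ph.p_filesz = ph.p_memsz = total;
    memcpy(buf + eh.e_phoff, &ph, sizeof ph);

    memcpy(buf + names_off, names, sizeof names);
    Elf64_Shdr sh[3] = {{0}};
    sh[1].sh_name = 1;  sh[1].sh_type = SHT_PROGBITS;
    sh[1].sh_flags = SHF_ALLOC | SHF_EXECINSTR;
    sh[1].sh_addr = text_addr;  sh[1].sh_offset = text_off;  sh[1].sh_size = text_size;
    sh[2].sh_name = 7;  sh[2].sh_type = SHT_STRTAB;
    sh[2].sh_offset = names_off;  sh[2].sh_size = sizeof names;
    memcpy(buf + sh_off, sh, sizeof sh);
    return total;
}

/* Scenario wrappers: build a fixture with the given entry, optionally
 * truncate the image, and return the scanner's verdict. */
static int scan_fixture(uint64_t entry, size_t limit)
{
    static union { uint8_t b[8192]; uint64_t align; } u; /* keeps headers aligned */
    size_t n = build_fixture(u.b, sizeof u.b, entry);
    if (n == 0) return -1;
    return elf_entry_in_text(u.b, limit < n ? limit : n);
}
int scan_clean(void)     { return scan_fixture(0x401000 + 0x10, SIZE_MAX); }
/* entry moved 0x40 bytes past the end of .text, where a padding parasite lives */
int scan_infected(void)  { return scan_fixture(0x401000 + 0x200 + 0x40, SIZE_MAX); }
int scan_truncated(void) { return scan_fixture(0x401000 + 0x10, 64); }

int main(void)
{
    printf("clean=%d infected=%d truncated=%d\n",
           scan_clean(), scan_infected(), scan_truncated());
    return 0;
}
```

Against a real file, read the whole binary into memory and call elf_entry_in_text() on it; the same bounds checks that reject the truncated fixture are what keep a hostile header (oversized e_shnum, e_shoff past EOF) from walking the scanner off the buffer.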