In this course, I aim to introduce you to the low-level details and functioning of Linux rootkits. We will start by exploring a portion of the Linux kernel, learning how to browse kernel resources and access the information we need. Then, we will begin with the basics of kernel module programming and progress to writing more advanced and complex rootkits. Along the way, we will also examine some kernel data structures and device drivers.
As members of the Purple Team, we will approach this topic from both the Red Team (offensive) and Blue Team (defensive) perspectives. Our goal is to help you better understand how rootkits operate and teach you how to detect them, enhancing your skills both in red team penetration and attack techniques, as well as in blue team defensive and detection strategies.
- Red Team (Offensive): Develop and deploy rootkits as part of penetration testing and attack simulations.
- Blue Team (Defensive): Detect and analyze rootkits, develop strategies for rootkit mitigation, and enhance overall system defense.
- Basic knowledge of Linux and the command line.
- Familiarity with C programming and Linux kernel concepts.
- A passion for cybersecurity and a desire to learn more about system-level attacks and defenses.
By the end of this course, you will:
- Gain a comprehensive understanding of Linux rootkits and their functionality.
- Develop the skills to create, deploy, and detect rootkits in a Linux environment.
- Enhance your capabilities in both offensive and defensive cybersecurity practices.
- Video Lectures: Detailed walkthroughs of each topic, including coding sessions.
- PowerPoint Slides: Visual aids to reinforce key concepts and provide summaries of the material.
- In this video, I discuss the big picture of the course and the concepts I will cover. Session-00-youtube