Lmst

Would you look at that, it's tmp.0ut Volume 4! Happy Friday, hope you enjoy this latest issue!

https://tmpout.sh/4/

tmp.0ut Volume 4 will be out in the coming days!

In the mean time, check out the official tmp.0ut 4 Mixtape!!

~2 hours of beats to relax/study/write viruses to:

https://soundcloud.com/faultus/tmpout4

https://tmpout.sh/blog/vol4-cfp.html

We are extending our call for papers to January 1, 2025!

We are now targeting an end of January release.

If you have any Linux/ELF related research, projects, or papers, we would love to publish them!

Huge thank you to everyone who has already submitted!

tmpout boosted:

Paged Out! Issue #5 is out now!
https://pagedout.institute/?page=issues.php
Happy reading!

tmp.0ut Volume 4 is happening! Our call for papers is now open, and we're excited to see what you've been working on 👀 read the full announcement here: https://tmpout.sh/blog/vol4-cfp.html

tmpout boosted:

The time has come, and with it your reading material for the week.

Phrack #71 is officially released ONLINE! Let us know what you think!

http://phrack.org/issues/71/1.html

tmpout boosted:

Binary Golf Grand Prix 5 begins now!

#BGGP5 theme: "Download"

Challenge Announcement: https://binary.golf/5

tmpout boosted:

Attention Golfers, #BGGP5 is starting a week from today!! Get your hex editors ready and update your firewall rules because this one is going to be a lot of fun!

Keep it locked in on https://binary.golf, revisit old challenges, come chat in Discord, and we'll see you soon!

tmpout boosted:

new updates just merged into easylkb (Easy Linux Kernel Builder) - thank you to all the contributors!

https://github.com/deepseagirl/easylkb/

screenshot showing user connecting to a linux image running in qemu after building with easylkb

tmpout boosted:

I finally wrote down my Binary Golf Grand Prix 4 research!

Chaining the most obscure Windows file formats I could find, finding some easter eggs, top-score irony, and bypassing digital signatures.

BGGP4: PleaseMom, QUANTUM, Rat? #BGGP4

https://remyhax.xyz/posts/bggp4-quantum-rat/

tmpout boosted:

Exploring object #file #formats

https://maskray.me/blog/2024-01-14-exploring-object-file-formats

An End of the Week treat! We are pleased to push the final paper to tmp.0ut Vol. 3: "u used 2 call me on my polymorphic shell phone" by @ic3qu33n

This paper explores historical Linux VX techniques and applies them to modern day, you won't want 2 miss!
https://tmpout.sh/3/12.html

A screenshot of the paper's header and introduction on the tmpout website

tmpout boosted:

You should write an article for Phrack #71 !! I hear it's coming out by summer time. 👀

Let's open the windows and get some phresh air back into the scene.

If you've got a story to tell, you should send it in by April 1st and keep the vibe going. :)

http://phrack.org

A huge thank you to everyone checking out the daily articles!

We've run out for now, but please do make sure to check out the non-articles that were released!

A huge thank you to all of our contributors, readers, and staff. You make this possible!

https://tmpout.sh/3/

tmpout vol3 - article a day #17

isra shows us another proof of concept x64 ELF virus written in Perl!

read here: https://tmpout.sh/3/30.html

Yet another proof-of-concept x64 ELF virus written in Perl:

* It works by patching the last byte (return instruction) of the .fini section
and then injecting a payload in the free space (null bytes) between the
.fini and .rodata sections. Infection is accomplished only if free space is
greater than size of payload + size of virus.

tmpout vol3 - article a day #16

"recap of bggp 4: replicate"

a short recap of the most recent @binarygolf challenge, with a link to all the entries.

read here: https://tmpout.sh/3/25.html

The fourth annual Binary Golf Grand Prix was this summer. The challenge was to create the
smallest possible self-replicating program that printed, returned, or somehow displayed
the number "4".

tmpout vol3 - article a day #15

"hvICE - intrusion countermeasure electronics"

wintermute shows us a proof of concept implementation for enforced data integrity

read here: https://tmpout.sh/3/24.html

hvICE is a proof of concept implementation of hypervisor enforced code/data integrity for the Linux
kernel using xen and libvmi. It requires no modification to the guest OS. hvICE achieves this by
setting all pages between _text and _etext and all of kernel rodata to not writable in the guests
EPT, then pausing the VM and logging the violation if an attempted write did not come from within
kernel text. Writes by code within kernel text are ignored to prevent false positives due to kernel
self patching.

Example:
- Kernel self protection is insufficiently secure.
- Despite recent kernel versions preventing writes to cr0 and setting protected pages as writeable
via kernel functions, bypassing these protections is as simple as writing to either cr0 or the
PTE directly as shown in this snippet.

tmpout vol3 - article a day #14

"rain king - silent syscall hooking on arm64 linux via patching svc handler"

wintermute shows us an interesting way of hooking syscalls that isn't commonly detected!

read here: https://tmpout.sh/3/23.html

system call hooking on linux is quite trivial. current common techniques include:
- using the kernel ftrace api
- modifying sys_call_table to point to your own table
- modifying addresses in sys_call_table to point to your own code
- patching the syscall entries themselves

unfortunately, even userland rootkit scanners can detect the first 2 methods-
via periodically checking /proc/kallsyms or system.map.
current kernel mode rootkit scanners will easily detect all of these methods.

tmpout vol3 - article a day #13

"Cramming a Tiny Program into a Tiny ELF File: A Case Study"

lm978 builds upon prior work golfing ELFs and shows how to create a functional x86-64 ELF in 77 bytes

read here: https://tmpout.sh/3/22.html

Client Info