Save! Automatic commit from github.com/kris-nova/bin/git-save

Signed-off-by: Kris Nóva <kris@nivenly.com>
krisnova · May 10, 2022 · 1ecac4f · 1ecac4f
1 parent 17b213f
commit 1ecac4f
Show file tree

Hide file tree

Showing 11 changed files with 160 additions and 8 deletions.
diff --git a/boopkit.c b/boopkit.c
@@ -423,14 +423,6 @@ int main(int argc, char **argv) {
       }
       boopprintf("  ** Boop source: %s\n", saddrval);
 
-
-      // Future hook for probe specific logic
-      // if (ret.event_src_code == EVENT_SRC_BAD_CSUM) {
-      //  boopprintf("  ** Boop EVENT_SRC_BAD_CSUM\n");
-      //} else if (ret.event_src_code == EVENT_SRC_RECEIVE_RESET) {
-      //  boopprintf("  ** Boop EVENT_SRC_RECEIVE_RESET\n");
-      //}
-
       // Always check for RCE in the ring buffer.
       char *rce = malloc(MAX_RCE_SIZE);
       int xcap_found;

diff --git a/slides/1-title.zomg b/slides/1-title.zomg
@@ -0,0 +1,8 @@
+/!
+/!
+# Boopkit
+/!
+/!
+### Advanced TCP Penetration with eBPF in the Linux Kernel
+/!
+### 🇺🇦✨DevopsDays Ukraine ✨🇺🇦
diff --git a/slides/2-story.zomg b/slides/2-story.zomg
@@ -0,0 +1,16 @@
+/!
+/!
+### When did it begin?
+/!
+# 24 February, 2022
+/!
+### Russia Invades Ukraine
+/!
+/!
+// - Following @lookner #OSINT
+// - Watching the invasion live
+// - Friends, Family in Ukraine
+// - Open Source Intelligence #OSINT
+/!
+/!
+// - https://supportukraine.love/osint
diff --git a/slides/3-story.zomg b/slides/3-story.zomg
@@ -0,0 +1,20 @@
+/!
+/!
+### What did I discover? 😇
+/!
+# 11 March, 2022
+/!
+### "Bug Bounty Program"
+/!
+/!
+// [Twitter]
+// twitter.com/krisnova/status/1502293124160409601
+// --------------------------------------------------------
+// I am not saying that I just found a LOG4J vulnerability
+// in a Russian bank.
+//
+// I am however saying that if anyone knows any Ukrainian
+// cybersecurity experts who want an IP address, a port
+// number, and a PoC my DMs are open.
+// --------------------------------------------------------
+/!
diff --git a/slides/4-story.zomg b/slides/4-story.zomg
@@ -0,0 +1,20 @@
+/!
+/!
+### Collaborating With Ukraine Government and Private Sector
+/!
+# "How can I help support Ukraine Cybersecurity?"
+/!
+## Teach us about what Russia could be doing to our Linux?
+/!
+# "What can eBPF do exactly?"
+/!
+## [ Rootkit ] [ Pid Obfuscation ] [ Docker Image Override ]
+## [ Syscall Interception ] [ Polymorphic Executables ] [ DNS ]
+## [ BPF Obfuscation ] [ Kernel Module Hiding ] [ XDP ] [ Pipe ]
+/!
+### The more we talked about the dangers of eBPF...
+### The more we realized there was A LOT it could do!
+/!
+// More: github.com/pathtofile/bad-bpf
+// More: github.com/Gui774ume/ebpfkit
+/!
diff --git a/slides/5-story.zomg b/slides/5-story.zomg
@@ -0,0 +1,15 @@
+/!
+/!
+### Collaborating With Ukraine Government and Private Sector
+/!
+# "Would they be able to exploit even a single SYN packet?"
+/!
+## Yes, probably. You would just need to know how!
+/!
+# "So, how?"
+/!
+### So, I kind of wrote a rootkit for Ukraine...
+/!
+// (hi mom)
+/!
+/!
diff --git a/slides/6-diagram.zomg b/slides/6-diagram.zomg
@@ -0,0 +1,18 @@
+/!
+/!
+# [ Boopkit ] Exploited Machine
+/!
+/!
+//    * Boop *     SYN SOCK_RAW (Any Port)
+//
+//   []-eth0-[]
+// +------------+
+// | Linux 5.17 | --> [ Boopkit PID ]   --> bpf_object__open(pr0be.boop.o)
+// +------------+          |            --> bpf_object__open(pr0be.safe.o)
+//                         |            --> bpf_object__open(pr0be.xdp.o)
+//             #include <pthread.h>
+//                         |
+//             [ xcap ring buffer ]        [BPF Tracepoints]
+//                         |           <-- tracepoint/tcp/tcp_receive_reset
+//             [ 1024bytes :eth0  ]    <-- tracepoint/tcp/tcp_bad_csum
+/!
diff --git a/slides/7-diagram.zomg b/slides/7-diagram.zomg
@@ -0,0 +1,24 @@
+/!
+/!
+//[1/2 ] SYN Packet (About 80 bytes)
+/!
+//0                   1                   2                   3
+//0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|          Source Port          |       Destination Port        |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|                        Sequence Number                        |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|                    Acknowledgment Number                      |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|  Data |           |U|A|P|R|S|F|                               |
+//| Offset| Reserved  |R|C|S|S|Y|I|            Window             |
+//|       |           |G|K|H|T|N|N|                               |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//      |           Checksum            |         Urgent Pointer        |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|                    Options                    |    Padding    |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//{                   ...  ncat -lvp 8080 ...                     }
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+/!
diff --git a/slides/8-diagram.zomg b/slides/8-diagram.zomg
@@ -0,0 +1,24 @@
+/!
+/!
+//[ Boop 2/2 ] SYN-ACK +RST Packet (About 80 bytes)
+/!
+//0                   1                   2                   3
+//0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|          Source Port          |       Destination Port        |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|                        Sequence Number                        |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|                    Acknowledgment Number                      |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|  Data |           |U|A|P|R|S|F|                               |
+//| Offset| Reserved  |R|C|S|S|Y|I|            Window             |
+//|       |           |G|K|H|T|N|N|                               |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//      |           Checksum            |         Urgent Pointer        |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|                    Options                    |    Padding    |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//{                   ...  ncat -lvp 8080 ...                     }
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+/!
diff --git a/slides/README.md b/slides/README.md
@@ -0,0 +1,4 @@
+# Boopkit - Advanced TCP Penetration with eBPF in the Linux Kernel
+## Kris Nova
+## github.com/kris-nova/boopkit
+
diff --git a/slides/krisnova b/slides/krisnova
@@ -0,0 +1,11 @@
+
+
+
+██╗  ██╗██████╗ ██╗███████╗    ███╗   ██╗ ██████╗ ██╗   ██╗ █████╗ 
+██║ ██╔╝██╔══██╗██║██╔════╝    ████╗  ██║██╔═══██╗██║   ██║██╔══██╗
+█████╔╝ ██████╔╝██║███████╗    ██╔██╗ ██║██║   ██║██║   ██║███████║
+██╔═██╗ ██╔══██╗██║╚════██║    ██║╚██╗██║██║   ██║╚██╗ ██╔╝██╔══██║
+██║  ██╗██║  ██║██║███████║    ██║ ╚████║╚██████╔╝ ╚████╔╝ ██║  ██║
+╚═╝  ╚═╝╚═╝  ╚═╝╚═╝╚══════╝    ╚═╝  ╚═══╝ ╚═════╝   ╚═══╝  ╚═╝  ╚═╝
+
+