Adventures in Process Injection (How I Accidentally Built a Debugger - Again!)


Have you ever wondered how to run code inside a different process? Or, for that matter, why you would WANT to run code in another process?

I originally entered the security world writing cheats for Windows games - Starcraft, Warcraft II, and similar late-90s games. The tools are functionally lost to the ages, but the techniques I used have served me for years: not only can you use process injection to cheat at video games, it's useful for so much more: adding, changing, bypassing, or even calling code in a foreign process can help with fuzzing, reverse engineering, malware detection, and so much more!

But for a technique so commonly used, there isn't really a "standard" way to do it, especially on Linux!

One day, I read a blog discussing how hard it was to do on Linux. I thought, "that can't be right, it's easy on Windows!" and set out to prove them wrong. Days later, I had accidentally written a debugger and learned way, way too much about the ptrace API and /proc filesystem!

In this talk, I'll demonstrate the tooling I built and why it might be more useful than you might think to do this yourself!
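As an added illustration of the two Linux interfaces the abstract mentions (this is example code written for this page, not the speaker's tooling): the program below forks a child, attaches to it with ptrace, patches a global in the child's address space through /proc/<pid>/mem (falling back to PTRACE_POKEDATA if that file is unavailable), verifies the write with PTRACE_PEEKDATA, and detaches so the child runs on with the injected value. Because the target is a fork of the injector, `&g_go` is the same virtual address in both processes; against an unrelated process you would resolve the address from /proc/<pid>/maps and the binary's symbols. All function and variable names are this example's own. It needs ptrace permission (Yama `ptrace_scope`, no seccomp ptrace filter) and is Linux-only, but it does not depend on the CPU architecture.

```c
// Added example: change memory in another process with ptrace + /proc/<pid>/mem.
// Linux only. Build: cc -Wall -o inject inject.c ; run: ./inject
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Target state. fork() copies the address space, so &g_go is identical in
 * parent and child (an assumption of this demo, not of real injection). */
static volatile long g_go = 0;

/* The "victim": spin until another process flips g_go, then exit with it. */
static void target_loop(void)
{
    while (g_go == 0)
        usleep(1000);
    _exit((int)(g_go & 0xff));
}

/* Write one long into a stopped tracee. /proc/<pid>/mem takes any length in
 * a single pwrite(); PTRACE_POKEDATA is the word-at-a-time fallback. */
static int write_tracee_long(pid_t pid, uintptr_t addr, long value)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);
    int fd = open(path, O_RDWR);
    if (fd >= 0) {
        ssize_t n = pwrite(fd, &value, sizeof value, (off_t)addr);
        close(fd);
        if (n == (ssize_t)sizeof value)
            return 0;
    }
    errno = 0;   /* /proc/<pid>/mem refused or absent: use ptrace instead */
    return ptrace(PTRACE_POKEDATA, pid, (void *)addr, (void *)value) == -1 ? -1 : 0;
}

/* Read one long back with PTRACE_PEEKDATA; -1 is a valid value, so check errno. */
static int read_tracee_long(pid_t pid, uintptr_t addr, long *out)
{
    errno = 0;
    long v = ptrace(PTRACE_PEEKDATA, pid, (void *)addr, NULL);
    if (v == -1 && errno != 0)
        return -1;
    *out = v;
    return 0;
}

/* Attach to pid, set *addr = value, verify, detach. Returns 0 on success. */
int inject_value(pid_t pid, uintptr_t addr, long value)
{
    int status;
    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1)
        return -1;                      /* ESRCH, or EPERM from Yama/seccomp/uid */
    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status))
        return -1;                      /* memory may only be touched while stopped */
    int rc = write_tracee_long(pid, addr, value);
    long check = 0;
    if (rc == 0 && (read_tracee_long(pid, addr, &check) != 0 || check != value))
        rc = -1;
    /* Detach with signal 0: the attach-time SIGSTOP was already reported. */
    if (ptrace(PTRACE_DETACH, pid, NULL, NULL) == -1)
        rc = -1;
    return rc;
}

/* Fork a target, inject 42 into its g_go, return the child's exit code
 * (42 on success, -1 on any failure). */
int demo_inject(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        target_loop();                  /* never returns */

    if (inject_value(pid, (uintptr_t)&g_go, 42) != 0) {
        kill(pid, SIGKILL);             /* don't leave a spinning child behind */
        waitpid(pid, NULL, 0);
        return -1;
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int code = demo_inject();
    printf("child exited with %d\n", code);
    return code == 42 ? 0 : 1;
}
```

The same attach/stop/write/detach cycle is what a debugger does for a breakpoint or a patched instruction; injecting code rather than data only adds the steps of finding (or mapping) an executable page and redirecting the instruction pointer, which is where the per-architecture detail the abstract alludes to comes in.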


Ron Bowes, Principal Security Researcher, GreyNoise Intelligence

Ron Bowes is a Principal Security Researcher on the GreyNoise Labs team, which tracks and investigates unusual--typically malicious--internet traffic. His primary role is to understand and track the big vulnerabilities of the day/week/month/year; often, that means parsing vague vendor advisories, diff'ing patches, reconstructing attacks from log files, and--most complex of all--installing and configuring enterprise software. When he's not at work, he runs the BSides San Francisco Capture the Flag contest, is a founder of The Long Con conference in Winnipeg, takes improv classes, and continues his project to finish every game in his Steam library.