Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

Syscall proxying fun and applications

Chaos Communication Congress 22th (22C3) 2005
Indexed on
Mar 27, 2013
File name
File size
89.6 KB

This talk is about how using syscall proxying technique for envolved attacks or other distributed applications. It includes source code examples like shellcodes, tools and a poc rootkit using this technique. This talk will be submited first at 0sec, a private security event we organize in switzerland in october. Since long time hackers are searching way to execute code on hosts through different types of vulnerabilities. The shellcode is one of the master part of a successfull exploitation. Making reliable exploit working in the wild with "universal" payload is the goal of every exploit writer. Syscall proxying is a technique which was introduced by Maximiliano Caceres (CORE SDI) which can provide a real remote interface to the host's kernel. The goal is writing universal "agents" to create all you can imagine locally but running it remotly. The best part of the syscall proxying technique is the attacker tools are locally stored but remotely executed through the payload. During this talk Casek will introduce this technique and his own implementation of syscall proxy shellcodes and tools. Different type of payloads, a library, tools and a proof of concept lightweight rootkit will be presented. He will discuss exploiting vulnerabilities with this goal: exploiting, privilege escalation if needed, rootkiting (remotly infecting processes or patching on the fly the kernel), covering traces etc... all in one time.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.


Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.


To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !