Overview
Explore a conference talk on backdooring techniques using metadata, presented at Circle City Con 5.0 in 2018. Delve into the intricacies of userland backdoors, focusing on the BACE (Binary-based Application Composition Engine) approach. Learn about chmod and setuid mechanisms, and how they can be combined with BACE to create backdoors via metadata. Compare this method to traditional rootshell backdoors, and discover the cross-platform capabilities of BACE. Examine environment variables, setuid-wrapper.c, and process spawning techniques. Gain insights into detecting and mitigating these methods, and explore potential future developments in this field.
Syllabus
Intro
Failure Point #1 in Userland Backdoors
Introduction to BACE (Cont.)
Quick Overview of chmod and setuid Mechanism
BACE + chmod, setuid = Backdoor via Metadata
Direct Command
Pros/Cons of this Method
Method #1 vs Traditional Rootshell Backdoor
Fun Fact: en is a cross-platform BACE!
Environment Variables
Hello setuid-wrapper.c
Spawning a Process
Demo of /usr/bin/python
Releasing The BACE Excel Sheet
Ideas for Detecting & Mitigating the Methods
Ideas for Future Methods
Acknowledgement