
20080303

Loss, and Profit within the context of HaX0ring

No, this ain't a financial analysis of my so-called life. Today's story began at home, where I'd been stuck for about five or six days due to a slight influenza attack, which stormed in late last Sunday night, only to inflame my body the next day. For several days I passed in and out of consciousness, my breath hot, my throat parched, my joints aching...

Relief came to me only yesterday.

It's said that whether cold or flu, when the virus hits, it's due to contact with whomever suffered its ravages last, rather than because of inclement weather like rain, wind and often, snow. Once you realize this, then getting out of the house after being cooped up for too long is always a welcome relief despite the circumstances, especially when spring is barely nascent and big fluffy bits of snow are trying to obscure the landscape once more.

But I wax too eloquently to match the current mood, which has been briefly influenced by a book edited by Jeff Moss called Stealing the Network: How to Own a Continent, a hacker novel written by a collection of hackers for hackers, which is referred to as STC.

Because I am a great fan of Google, I had to research this book, but didn't get further than this link which I will obscure enough so the botnets don't rip it to shreds:

Bl@ckTo\/\/3r by Brian Hatch of Nmap dot org - the URL is insecure dot org fwd-slash stc fwd-slash sti dot html - is a great spy story for the hacker, complete with an in-depth look at how to hack into X11. Yet the novel mentioned the use of /dev/kmem and after a brief spell of searching for it, I discovered the following URL: www dot la dash samhna dot de fwd-slash library fwd-slash rootkits fwd-slash index dot html which explains Linux kernel rootkits in a training manual.

Really wicked stuff!

Especially samhain, which is a great data integrity and host intrusion alert system. A brief search of the apt-cache revealed the following:


$ apt-cache show samhain
Package: samhain
Priority: optional
Section: universe/admin
Installed-Size: 1788
Maintainer: Javier Fernandez-Sanguino Pen~a
Architecture: i386
Version: 2.0.10a-2
Depends: libc6 (>= 2.3.4-1), debconf (>= 1.2.9) | debconf-2.0
Filename: pool/universe/s/samhain/samhain_2.0.10a-2_i386.deb
Size: 665100
MD5sum: 4441fd7bd602759c8e893a0f6ec00f46
Description: Data integrity and host intrusion alert system
Samhain is an integrity checker and host intrusion detection system that
can be used on single hosts as well as large, UNIX-based networks.
It supports central monitoring as well as powerful (and new) stealth
features to run undetected on memory using steganography.
.
Main features
* Complete integrity check
+ uses cryptographic checksums of files to detect
modifications,
+ can find rogue SUID executables anywhere on disk, and
* Centralized monitoring
+ native support for logging to a central server via encrypted
and authenticated connections
* Tamper resistance
+ database and configuration files can be signed
+ logfile entries and e-mail reports are signed
+ support for stealth operation
.
Homepage: http://la-samhna.de/samhain/index.html
Bugs: mailto:ubuntu-users@lists.ubuntu.com
Origin: Ubuntu


Oh joy! Oh, jubilation!
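As an added illustration of the "complete integrity check" the package description lists (cryptographic checksums of files to detect modifications, plus a scan for rogue SUID executables), here is a small Python baseline-and-verify routine written for this post. It is not samhain's code, and it works on a constructed temporary tree rather than real system files:

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def sha256_file(path):
    """Cryptographic checksum of one file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map every regular file under root to (sha256, mode bits)."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):
                baseline[os.path.relpath(path, root)] = (sha256_file(path), st.st_mode)
    return baseline

def check(root, baseline):
    """Compare the tree against the stored baseline and flag SUID files."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "suid": sorted(p for p, (_, mode) in current.items() if mode & stat.S_ISUID),
    }

def demo():
    """Constructed sample tree (not real system binaries): baseline, tamper, check."""
    bin_dir = Path(tempfile.mkdtemp()) / "bin"
    bin_dir.mkdir()
    for name in ("ls", "ps"):
        (bin_dir / name).write_bytes(b"#!/bin/sh\necho " + name.encode() + b"\n")
    baseline = build_baseline(bin_dir.parent)
    # Simulated tampering: rewrite ps, add an unexpected file, set SUID on ls.
    (bin_dir / "ps").write_bytes(b"tampered\n")
    (bin_dir / "sh2").write_bytes(b"#!/bin/sh\n")
    os.chmod(bin_dir / "ls", 0o4755)
    return check(bin_dir.parent, baseline)
```

A real deployment stores the baseline somewhere the monitored host cannot silently rewrite (samhain signs it), otherwise an intruder simply refreshes it after tampering.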

Then as I read bits of the la samhna article on Linux kernel rootkits, I realized that STC is more my speed than a manual on kernel rootkits, especially after the flu.

This brain of mine is done in by the flu, I suspect: while I can understand about 1/3 of the quantum dynamics stuff on Wikipedia, the concentrated effort needed to grok a technical manual on kernel rootkits is met with the same feeling I had long ago when I had to study for not one test but several back in college, twenty years ago.

Yes, my brain is currently mush, but hopefully with rest and relaxation I'll be able to finish STC and dive into the kernel rootkit manual... soon.
