Ron Bowes
Ron Bowes is a Principal Security Researcher on the GreyNoise Labs team, which tracks and investigates unusual--typically malicious--internet traffic. His primary role is to understand and track the big vulnerabilities of the day/week/month/year; often, that means parsing vague vendor advisories, diff'ing patches, reconstructing attacks from log files, and--most complex of all--installing and configuring enterprise software. When he's not at work, he runs the BSides San Francisco Capture the Flag contest, is a founder of The Long Con conference in Winnipeg, takes improv classes, and continues his project to finish every game in his Steam library.
Session
Have you ever wondered how to run code inside a different process? Or, for that matter, why you would WANT to run code in another process?
I originally entered the security world writing cheats for Windows games - StarCraft, Warcraft II, and similar late-90s games. The tools are functionally lost to the ages, but the techniques I used have served me for years. Not only can you use process injection to cheat at video games, it's useful for so much more: adding, changing, bypassing, or even calling code in a foreign process can help with fuzzing, reverse engineering, malware detection, and more!
But for a technique so commonly used, there isn't really a "standard" way to do it, especially on Linux!
One day, I read a blog discussing how hard it was to do on Linux. I thought, "that can't be right, it's easy on Windows!" and set out to prove them wrong. Days later, I had accidentally written a debugger and learned way, way too much about the ptrace API and /proc filesystem!
In this talk, I'll demonstrate the tooling I built and why it might be more useful than you might think to do this yourself!