Tool Talk: asminject.py
Watch as we explore Bishop Fox’s very own asminject.py, a code injection tool that tampers with trusted Linux processes to capture sensitive data and change program behavior.
Watch the livestream on Tuesday, Nov. 1 at 2 p.m. ET!
Consider a product designed to process patient information from hospitals, or one that analyzes the performance of experimental stealth aircraft materials being researched in a lab. In an ideal world, IT staff would have access to manage the overall system but would somehow be prevented from accessing the actual data. Instead, currently, administrators with full control over the host itself can tamper with kernel memory, files in persistent storage, and even CPU registers if necessary.
To illustrate the potential dangers of hackers getting this level of administrative access, Senior Consultant Ben Lincoln developed a fork of David Buchanan's dlinject.py tool named
asminject.py. This tool shows how attackers can tamper with trusted Linux processes to capture sensitive data with little to no detection.
Join the eighth episode of our Tool Talk series to get a play-by-play of
asminject.py. In this livestream, you’ll hear the creator of
asminject.pyinteracts with the target process to capture sensitive data
asminject.pydemo for penetration testing
We hope to see you there!
Speakers: Ben Lincoln, Managing Senior Consultant II, Bishop Fox; Joe Sechman, AVP of R&D, Bishop Fox