Explore how attackers operate and their favorite tools and targets in our new SANS research. Get the Report ›

Offensive Tools

asminject.py

asminject.py is a code injection tool that compromises Linux-trusted processes and containers.

About asminject.py

Compromise trusted processes with code injection to capture sensitive data.

Protecting software and sensitive data from theft or misuse is unlikely to succeed if attackers gain administrative or physical access to devices that process information in unencrypted form - even for a fraction of a second. We've created asminject.py, a tool that demonstrates an attack on Linux processes and containers using compromised administrative access to the host. Asminject.py was inspired by an environment where container-level endpoint security was part of a larger strategy to protect information within the containers from users with administrator access to the Linux systems that hosted the containers.

Use asminject.py to tamper with trusted processes by injecting arbitrary code via the Linux process filesystem (procfs) interface to capture sensitive data. Without intrusive monitoring at the host level, asminject.py keeps compromise attempts under the radar with minimal detection or response from existing defenses.

Bishop Fox Researcher Ben Lincoln Headshot

Lead Researcher

Ben Lincoln

Ben Lincoln is a Managing Senior Consultant II at Bishop Fox and focuses on application security. He has extensive experience in network penetration testing, red team activities, white-/black-box web/native application penetration testing, and exploit development. Prior to joining Bishop Fox, Ben was a security consultant with NCC Group, a global information assurance consulting organization. He also previously worked at a major retail corporation as a senior security engineer and a senior systems engineer. Ben delivered presentations at major security conferences, including "A Black Path Toward the Sun" at Black Hat USA 2016. Ben is OSCP-certified and has released several open-source exploit tools. Ben's personal projects and research at https://www.beneaththewaves.net

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.