Explore how attackers operate and their favorite tools and targets in our new SANS research. Get the Report ›
Protecting software and sensitive data from theft or misuse is unlikely to succeed if attackers gain administrative or physical access to devices that process information in unencrypted form - even for a fraction of a second. We've created
asminject.py, a tool that demonstrates an attack on Linux processes and containers using compromised administrative access to the host.
Asminject.py was inspired by an environment where container-level endpoint security was part of a larger strategy to protect information within the containers from users with administrator access to the Linux systems that hosted the containers.
asminject.py to tamper with trusted processes by injecting arbitrary code via the Linux process filesystem (
procfs) interface to capture sensitive data. Without intrusive monitoring at the host level,
asminject.py keeps compromise attempts under the radar with minimal detection or response from existing defenses.
Ben Lincoln is a Managing Senior Consultant II at Bishop Fox and focuses on application security. He has extensive experience in network penetration testing, red team activities, white-/black-box web/native application penetration testing, and exploit development. Prior to joining Bishop Fox, Ben was a security consultant with NCC Group, a global information assurance consulting organization. He also previously worked at a major retail corporation as a senior security engineer and a senior systems engineer. Ben delivered presentations at major security conferences, including "A Black Path Toward the Sun" at Black Hat USA 2016. Ben is OSCP-certified and has released several open-source exploit tools. Ben's personal projects and research at https://www.beneaththewaves.net