Code Red Security

description

The Art of Deception; x64 shell codes and kernel ABI; DL-Injection; Hijacking processes with ptrace(); DL-Injection attack vector (Don't try it at home)

Transcript of Code Red Security

  • 1. Code Red Security
    - The Art of Deception
    - x64 shell codes and kernel ABI
    - DL-Injection
    - Hijacking processes with ptrace()
    - DL-Injection attack vector (Don't try it at home)
    Session by Amr Ali, http://amr-ali.co.cc/

  • 2. The Art of Deception. Kevin Mitnick

  • 3. The Art of Deception
    - We are talking today about deceiving port scanners and other reconnaissance tools and/or techniques. Iptables is the main firewall used by Linux users around the world, so we are going to make great use of it with a small but very effective add-on called xtables.
    - TARPIT and DELUDE are the main targets xtables provides for our purposes. TARPIT captures and holds incoming TCP connections using no local per-connection resources. Connections are accepted, but immediately switched to the persist state (0 byte window), in which the remote side stops sending data and asks to continue every 60-240 seconds. Attempts to close the connection are ignored, forcing the remote side to time out the connection in 12-24 minutes.
    [Diagram: SYN ---------------> Server, SYN/ACK, WIN[0]; SYN/ACK, RST]
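
A rule set that puts TARPIT or DELUDE on decoy ports, as an added example that is not part of the original slides. It assumes the xtables-addons package is installed; the port lists and the `build_rules` helper are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the slides). Ports are constructed sample values.
# Assumes xtables-addons is installed, which provides the TARPIT and DELUDE targets.

REAL_PORTS="22 443"        # services that must stay reachable
DECOY_PORTS="23 445 3389"  # ports with no service behind them

# Print the iptables commands for one deception target (TARPIT or DELUDE).
build_rules() {
    target="$1"
    case "$target" in
        TARPIT|DELUDE) ;;
        *) echo "unsupported target: $target" >&2; return 1 ;;
    esac
    # Refuse to deceive a port that carries a real service.
    for p in $DECOY_PORTS; do
        case " $REAL_PORTS " in
            *" $p "*) echo "port $p is a real service" >&2; return 1 ;;
        esac
    done
    for p in $REAL_PORTS; do
        echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
    done
    for p in $DECOY_PORTS; do
        # Skip conntrack so a held connection costs no state-table entry.
        echo "iptables -t raw -A PREROUTING -p tcp --dport $p -j CT --notrack"
        echo "iptables -A INPUT -p tcp --dport $p -j $target"
    done
}

# Nothing is installed unless asked: --print shows the rules, --apply (as root) loads them.
if [ "${1:-}" = "--apply" ]; then
    build_rules "${2:-TARPIT}" | sh -e
elif [ "${1:-}" = "--print" ]; then
    build_rules "${2:-TARPIT}"
fi
```

The `CT --notrack` rule matters when connection tracking is loaded: without it the kernel allocates a conntrack entry for every held connection, which undoes the "no local per-connection resources" property described above.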