Developing hacking tools targeting Linux


The objective of this training is to understand the fundamentals of the Linux operating system in order to implement, via low-level C APIs, offensive security mechanisms.


After reviewing the basics of the Linux operating system, participants will learn how to handle low-level APIs related to processes (creation, communication, injection, debugging). They will also discover the ELF format and its memory representation. Finally, security mechanisms (LSM), isolation mechanisms (Cgroup, Namespaces), and system auditing will be introduced.


During this training, the participants will have to implement a scenario in which an attacker injects a library into the sshd service in order to steal and exfiltrate user credentials, while ensuring persistence on the system by backdooring a shared library.


The Introduction to Linux Security-Oriented System Development is an advanced-level training course designed for pentesters, Linux developers, and security teams. A good knowledge of C development and a good general knowledge of IT security are recommended.


5 days / 13 hours of theory / 22 hours of practice.


  • Linux operating system basics


    • Greetings and environment setup (laptops with preinstalled Debian VMs are provided)

    • Linux Distributions

    • Shells

    • File system

    • Security model

    • Compiler toolchain

    • Systemd

    • D-Bus

    • PAM


  • ELF format, memory layout and hooking techniques



    • ELF Format

      • Structure

      • Memory layout


    • Hooking Techniques


  • Process, Thread and injection techniques



    • Process & Thread

      • Creation, termination, monitoring, etc.

      • API

    • Process debugging

    • Process injection


  • Inter-process Communication, security and isolation mechanisms



    • IPC

    • Linux Security Module

      • AppArmor

      • SELinux

    • Isolation Mechanism

      • Cgroup

      • Namespaces


  • System audit & User / Kernel Interface


    • System audit

    • User / Kernel Interface