Skip to content

DMFR SECURITY

another security blog…

Reviews
About

Search for:

Tag: LD_PRELOAD

100 Days of YARA – Day 51: bdvl

On February 8, 2022December 31, 2021 By DanielIn 100 days of Yara1 Comment

Find bdvl LD_PRELOAD rootkit with YARA.

100 Days of YARA – Day 50: libprocesshider

On February 7, 2022December 31, 2021 By DanielIn 100 days of Yara1 Comment

I have encountered libprocesshider being used in the wild. This is a userland rootkit that abuses LD_PRELOAD to hide processes. https://github.com/gianlucaborello/libprocesshider This library is simple; under 100 lines of C code. This rule matched on a malicious libprocesshider library found on a honeypot system. rule libprocesshider { meta: description = "libprocesshider userland rootkit" strings: $ …

Continue reading 100 Days of YARA – Day 50: libprocesshider

Archives

February 2022 (12)
January 2022 (31)
December 2021 (15)
November 2021 (3)
October 2021 (7)
September 2021 (13)
August 2021 (13)
May 2021 (4)
April 2021 (23)
February 2021 (5)
January 2021 (6)
December 2020 (8)
February 2020 (2)
November 2019 (1)
October 2019 (2)
December 2018 (3)
July 2018 (1)
May 2017 (2)
April 2017 (5)
January 2017 (1)
December 2016 (4)

ascii assembler base64 binary C c++ cryptography CTF cyberchef ELF exiftool forensics golang hexadecimal hunting incident response java kali Linux malware netcat networking nmap pe pentesting persistence picoctf PowerShell procfs programming Python ransomware reversing reviews security shellcode shell scripting ssh steganography strings web win32 windows wireshark yara

Blog at WordPress.com.

Follow Following
- DMFR SECURITY
- Already have a WordPress.com account? Log in now.