
Monitor execveat syscall, which can be used for fileless malware

Open vahidmalekk opened this issue 9 months ago • 1 comments

check this https://github.com/vahidmalekk/bypass-Neo23x0-auditd-config/

vahidmalekk avatar Feb 02 '25 21:02 vahidmalekk

-a always,exit -F arch=b64 -F auid>=1000 -F auid!=-1 -S execveat -k Memory-Process-creation

Pierre-Gronau-ndaal avatar Feb 27 '25 04:02 Pierre-Gronau-ndaal
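
An added example, not part of the issue thread or the project's rules: a small Python check that reads audit rules and reports, per architecture, which of execve and execveat have no always,exit rule. The sample ruleset is constructed (its b64 execveat line is the rule from the comment above), the function names are hypothetical, and field filters such as auid are ignored.

```python
import shlex

EXEC_SYSCALLS = {"execve", "execveat"}

# Constructed sample ruleset; the third rule is the one posted in the thread.
SAMPLE_RULES = """\
# process execution
-a always,exit -F arch=b64 -S execve -k exec
-a always,exit -F arch=b32 -S execve -k exec
-a always,exit -F arch=b64 -F auid>=1000 -F auid!=-1 -S execveat -k Memory-Process-creation
"""

def exec_coverage(rules_text):
    """Return {arch: exec-family syscalls that have an always,exit rule}.

    Simplifications (assumptions of this example): field filters such as
    auid are ignored, and a rule without -F arch= is filed under "native".
    """
    covered = {}
    for line in rules_text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comment lines
        action, arch, syscalls = set(), "native", set()
        for flag, value in zip(tokens, tokens[1:]):
            if flag in ("-a", "-A"):
                action = set(value.split(","))
            elif flag == "-F" and value.startswith("arch="):
                arch = value.split("=", 1)[1]
            elif flag == "-S":
                syscalls.update(value.split(","))  # handles "-S execve,execveat"
        if action == {"always", "exit"}:
            hit = EXEC_SYSCALLS if "all" in syscalls else syscalls & EXEC_SYSCALLS
            covered.setdefault(arch, set()).update(hit)
    return covered

def missing_exec_syscalls(rules_text, arches=("b64", "b32")):
    """Return {arch: sorted exec-family syscalls with no always,exit rule}."""
    covered = exec_coverage(rules_text)
    gaps = {a: sorted(EXEC_SYSCALLS - covered.get(a, set())) for a in arches}
    return {a: names for a, names in gaps.items() if names}

if __name__ == "__main__":
    for arch, names in missing_exec_syscalls(SAMPLE_RULES).items():
        print(f"{arch}: no rule for {', '.join(names)}")
```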