Minoru Kobayashi
The following URL introduces an anti-debug technique using ptrace via syscall. https://cardaci.xyz/blog/2018/02/12/a-macos-anti-debug-technique-using-ptrace/ In the article you will find the following statement. > This confirms that ptrace is invoked by a...
Add a new artifact to collect /etc/ld.so.preload. Although LD_PRELOAD rootkits may hide /etc/ld.so.preload, it can be read via debugfs.
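The debugfs approach mentioned above works because an LD_PRELOAD rootkit typically hooks libc calls such as open()/readdir() and filters on the name /etc/ld.so.preload; debugfs never opens that path, it opens the block device and walks the ext filesystem itself. The following shell snippet is an added example (not code from the PR or from UAC) that reads a file through debugfs and compares it with what ordinary libc-based tools see. It assumes an ext2/3/4 filesystem, e2fsprogs installed, root privileges, and that findmnt is available to locate the backing device; the helper names are hypothetical. One gotcha it handles explicitly: debugfs resolves paths relative to the root of the filesystem it opened, so a file under a separate mount (for example /var) must be addressed relative to that mount point.

```shell
#!/bin/sh
# Added example, not part of the original PR or of UAC.
# Read a file straight from the block device with debugfs so that an
# LD_PRELOAD rootkit hooking libc open()/read() cannot hide it.
# Assumptions: ext2/3/4 filesystem, e2fsprogs installed, root privileges,
# findmnt available (util-linux).

# debugfs paths are relative to the root of the filesystem it opens, not to
# the system root. Rewrite an absolute path relative to its mount point.
fs_relative_path() {
  # $1 = mount point, $2 = absolute path
  mnt=$1
  path=$2
  if [ "$mnt" = "/" ]; then
    printf '%s\n' "$path"
  else
    rel=${path#"$mnt"}
    [ -z "$rel" ] && rel=/
    printf '%s\n' "$rel"
  fi
}

read_via_debugfs() {
  # $1 = absolute path of the file to read; prints its on-disk content
  target=$1
  command -v debugfs >/dev/null 2>&1 || { echo "debugfs not found" >&2; return 2; }
  dev=$(findmnt -n -o SOURCE --target "$target") || return 2
  mnt=$(findmnt -n -o TARGET --target "$target") || return 2
  rel=$(fs_relative_path "$mnt" "$target")
  # -R runs a single debugfs command; 'cat' dumps the inode contents to stdout.
  debugfs -R "cat $rel" "$dev" 2>/dev/null
}

compare_views() {
  # Diff what libc-based tools see against what the raw filesystem holds.
  # A mismatch (or an empty userland view with non-empty on-disk content)
  # is a strong indicator that something is filtering the file.
  target=${1:-/etc/ld.so.preload}
  libc_view=$(cat "$target" 2>/dev/null)
  raw_view=$(read_via_debugfs "$target") || return $?
  if [ "$libc_view" != "$raw_view" ]; then
    echo "MISMATCH for $target: userland view differs from on-disk content" >&2
    printf 'on-disk content:\n%s\n' "$raw_view"
    return 1
  fi
  echo "consistent: $target"
}

# Usage (as root): compare_views /etc/ld.so.preload
```

Caveat: debugfs is itself dynamically linked, so the rootkit's library is loaded into it too; the bypass relies on the hook filtering by file name rather than by block-device reads. A rootkit that also intercepts reads of the raw device would defeat this, which is why collecting the file from offline media or a separately mounted image remains the stronger check.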
The job_scheduler.yaml has the following artifacts:
```
- description: Collect at files.
  supported_os: [aix, freebsd, linux, netbsd, netscaler, openbsd, solaris]
  collector: file
  path: /var/spool/at
- description: Collect at files.
  supported_os:...
```
Add a new artifact to collect the process capabilities of files on the system.
Add a new artifact to collect "*.journal~" files. These journal files are created when the system crashes or fails to shut down properly. Also, add artifacts related to the "journalctl" command. These artifacts...
Add new artifacts to collect coredump files. The coredump files themselves may not directly help in analyzing incidents, but they are useful for building a timeline of the command execution...