artif: dump /etc/ld.so.preload with debugfs/xfs_db

Open mnrkbys opened this issue 5 months ago • 1 comments

Add a new artifact to collect /etc/ld.so.preload. Although LD_PRELOAD rootkits may hide /etc/ld.so.preload, it can be read via debugfs.

mnrkbys, Sep 11 '24 04:09
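
The cross-view check this request implies, as an added example that is not part of the issue and is not UAC's artifact definition: read `/etc/ld.so.preload` once through the normal file API and once from the block device with `debugfs`, then compare. The function names `etc_device`, `raw_preload` and `check_preload` are hypothetical; the code assumes an ext2/3/4 root filesystem that contains `/etc`, e2fsprogs `debugfs`, util-linux `findmnt`, and root privileges.

```shell
#!/bin/sh
# Added example: compare the userland view of /etc/ld.so.preload with the
# copy stored on disk. Function names are hypothetical, not UAC's.

# etc_device: print the block device backing /etc (util-linux findmnt).
etc_device() {
    findmnt -n -o SOURCE --target /etc
}

# raw_preload DEVICE: print /etc/ld.so.preload as stored on an ext2/3/4
# device. debugfs opens the device read-only by default and walks the
# filesystem structures itself, so path-based hiding in hooked libc calls
# is not on this code path. Assumes /etc lives on the filesystem root of
# DEVICE; a separately mounted /etc would need the path /ld.so.preload.
raw_preload() {
    debugfs -R 'cat /etc/ld.so.preload' "$1" 2>/dev/null || true
}

# check_preload DEVICE [USERLAND_FILE]
# Prints one word:
#   consistent  both views return the same content (or both are empty)
#   hidden      the on-disk file has content that userland does not show
#   mismatch    both views return content, but it differs
check_preload() {
    dev=$1
    file=${2:-/etc/ld.so.preload}
    raw=$(raw_preload "$dev")
    seen=$(cat "$file" 2>/dev/null || true)
    if [ "$raw" = "$seen" ]; then
        echo "consistent"
    elif [ -z "$seen" ]; then
        echo "hidden"
    else
        echo "mismatch"
    fi
}
```

Run as root with `check_preload "$(etc_device)"`; XFS volumes are not handled here and would need `xfs_db` in place of `debugfs`.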