*nix malware

Overwriting argv[]

Malware on *nix systems can overwrite argv[] in order to hide from sysadmins and analysts. This post demonstrates the technique, shows ways to hunt for this behavior, and links to real-world samples that leverage it.

Welcome!

Welcome! I will be blogging about *nix malware. Hopefully this information helps someone.
