Malware on *nix systems can overwrite argv[] in order to hide from sysadmins and analysts. This post demonstrates this technique, ways to hunt for this behavior, and some links to real world samples which leverage this technique.
Author Archives: Daniel
Welcome!
Welcome! I will be blogging about *nix malware. Hopefully this information helps someone.
*nix malware 