home.social

#syscalltables — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #syscalltables, aggregated by home.social.

  1. Finding Linux rootkits can be hard.
    Even if the malware does not touch syscalls directly, it can modify some kernel functions which are activated by one of the system calls. The problem lies in the fact that these modified functions do not have to be executed during every system call. For example, if we modify only some pointer to reading functions in procfs, then the attacker’s code will be executed only when read() is called in order to read some specific file, like /proc/net/

    I've found, from a file-system-level detection, you could monitor execution time, but I am curious what other people think.

    #security #linux #rootkits #syscalltables
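The post above suggests monitoring execution time as a file-system-level signal for hooked procfs read paths. As an added example (not the poster's code), the script below records per-read latency for a watch list of /proc files, stores that as a known-good baseline, and later flags any file whose read latency has drifted far above its own baseline. The watch list, the use of median absolute deviation (MAD) as the spread estimate, and the threshold of 10 MADs are assumptions chosen here, not values from the post; the baseline is assumed to have been recorded on a trusted system state.

```python
"""Timing-based check for hooked procfs read paths (added example).

Idea from the post: a hook that only runs for specific procfs files adds
latency to read() on those files and nowhere else. So compare each file's
current read latency against a baseline recorded earlier for the SAME
file, rather than against a different file whose read path does different
work. Watch list, threshold and MAD-based spread are assumptions here.
"""
import os
import statistics
import time

# Constructed watch list: procfs files whose read handlers a hook might
# target (assumption; /proc/net/ entries are the post's own example).
WATCHED = ["/proc/net/tcp", "/proc/net/udp", "/proc/net/unix"]


def time_reads(path, iterations=200):
    """Return per-read wall-clock durations (seconds) for `path`."""
    samples = []
    for _ in range(iterations):
        start = time.perf_counter()
        with open(path, "rb") as fh:
            fh.read()
        samples.append(time.perf_counter() - start)
    return samples


def mad(samples, center):
    """Median absolute deviation around `center` (robust spread estimate)."""
    return statistics.median(abs(s - center) for s in samples)


def is_anomalous(current, baseline, k=10.0):
    """True if median(current) is more than k MADs above median(baseline).

    A MAD of zero (all baseline samples identical) is replaced by a tiny
    floor so the ratio never divides by zero.
    """
    base_med = statistics.median(baseline)
    spread = mad(baseline, base_med) or 1e-9
    return (statistics.median(current) - base_med) / spread > k


def record_baseline(paths=WATCHED, iterations=200):
    """Record {path: samples} for every readable path; persist this on a
    trusted system state (e.g. as JSON) and reuse it on later runs."""
    return {p: time_reads(p, iterations) for p in paths if os.path.exists(p)}


def compare(baseline, iterations=200, k=10.0):
    """Return {path: (median_now_seconds, anomalous)} against `baseline`."""
    report = {}
    for path, base_samples in baseline.items():
        if not os.path.exists(path):
            continue
        now = time_reads(path, iterations)
        report[path] = (statistics.median(now), is_anomalous(now, base_samples, k))
    return report


if __name__ == "__main__":
    # Demo only: baseline and comparison taken back to back. In real use the
    # baseline comes from an earlier run on a known-good state.
    baseline = record_baseline()
    for path, (median_now, flagged) in compare(baseline).items():
        state = "SUSPECT" if flagged else "ok"
        print(f"{path}: median {median_now * 1e6:.1f} us {state}")
```

Latency is a noisy signal: CPU frequency scaling, cache state and concurrent load all shift it, so a flag from this check is a prompt to cross-check the file's handler pointers by other means, not proof of a hook. Keeping the baseline per file and using a robust spread estimate limits false positives, but the threshold should be tuned on the host's own recorded distribution.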