cesare1999
2024-08-16
Linux Anti-Debugging Techniques (Fooling the Debugger)
By Silvio Cesare (January 1999)
| Notes |
|---|
| false disassembly |
| anti-debugger |
| anti-analysis |
| anti-forensics |
| Linux |
| debugging |
| virus |
| breakpoint |
| breakpoint detection |
| opcode |
| int3 |
| ptrace |
| man page |
| checking for breakpoints by checking for int3 instruction |
| gdb |
| false breakpoints |
| SIGTRAP |
| signal |
| signal.h |
| signal handler |
| debugger detection with ptrace PTRACE_TRACEME |
| ltrace |
| strace |
Linux Persistence: Modular Software
2025-04-17 DFIR CTF persistence linux persistence apache asterisk
Linux Persistence: Web Shells
2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP
Linux Persistence: Rootkits
2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking
Defanging Linux LKM Rootkits With cleanup_module()
2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit