Many pieces of Linux malware hook PAM-related functions. This is often done to harvest credentials and add backdoor passwords for the attacker’s use.
PAM API hooking
0001-01-01
Recent Posts
Linux Persistence: Startup Scripts
2024-11-10 DFIR CTF linux persistence systemd SysV init startup script
Linux Persistence: Cron
2024-11-10 DFIR CTF linux persistence cron
Linux Persistence: User Accounts
2021-06-27 DFIR linux persistence