hooks

In a cybersecurity context, a hook is a technique that intercepts messages, events, or function calls between software components and subsequently alters the behavior of the application.

For example, a rootkit may install a hook that patches the getdents system call on a Linux system so that the directories containing its malware are not displayed by tools such as ls or find.

Another example is an EDR solution hooking the system calls used to create processes so that each call can be logged, analyzed, and acted upon if malware is detected.
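The two examples above are the same mechanism seen from opposite sides: something replaces an entry in a dispatch table with a wrapper that runs extra logic and then forwards to the original. The following added example (not code from the original note, and not a real kernel or EDR implementation) simulates this in user space with a constructed table of function pointers. The names `dispatch`, `install_process_hook`, `remove_process_hook`, `hooked_entries` and the "calls" in the table are all hypothetical stand-ins. It shows the EDR-style logging hook with a trampoline back to the original handler, and the defender's counterpart: an integrity check that compares the live table against a known-good baseline, which is how a tampered entry such as a hooked getdents would be spotted.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a dispatch table of function pointers
 * (think of the kernel's syscall table or a DLL's export table). */
typedef int (*handler_fn)(const char *arg);

enum { CALL_CREATE_PROCESS = 0, CALL_LIST_DIR = 1, CALL_COUNT = 2 };

/* Original handlers: trivial bodies, returning a fake "pid" / entry count. */
static int orig_create_process(const char *path) { return (int)strlen(path); }
static int orig_list_dir(const char *path) { (void)path; return 3; }

/* Live table (what callers dispatch through) and a known-good copy
 * taken at "boot" time, used later for the integrity check. */
static handler_fn table[CALL_COUNT]    = { orig_create_process, orig_list_dir };
static handler_fn baseline[CALL_COUNT] = { orig_create_process, orig_list_dir };

/* State for the logging hook. */
#define LOG_MAX 8
static handler_fn saved_create_process = NULL;
static char log_buf[LOG_MAX][128];
static int log_count = 0;

/* Wrapper installed in place of the original: record the call,
 * then trampoline to the saved original so behaviour is preserved. */
static int hooked_create_process(const char *path) {
    if (log_count < LOG_MAX)
        snprintf(log_buf[log_count++], sizeof log_buf[0], "create_process(%s)", path);
    return saved_create_process(path);
}

/* Install the hook; refuse to double-install so the saved pointer
 * never gets overwritten with the wrapper itself. */
int install_process_hook(void) {
    if (saved_create_process != NULL) return -1;
    saved_create_process = table[CALL_CREATE_PROCESS];
    table[CALL_CREATE_PROCESS] = hooked_create_process;
    return 0;
}

/* Restore the original entry. */
int remove_process_hook(void) {
    if (saved_create_process == NULL) return -1;
    table[CALL_CREATE_PROCESS] = saved_create_process;
    saved_create_process = NULL;
    return 0;
}

/* What callers use: indirect through the (possibly hooked) table. */
int dispatch(int call, const char *arg) {
    if (call < 0 || call >= CALL_COUNT) return -1;
    return table[call](arg);
}

/* Defender check: how many table entries no longer match the baseline? */
int hooked_entries(void) {
    int n = 0;
    for (int i = 0; i < CALL_COUNT; i++)
        if (table[i] != baseline[i]) n++;
    return n;
}

int log_entries(void) { return log_count; }
const char *log_entry(int i) { return (i >= 0 && i < log_count) ? log_buf[i] : ""; }

int main(void) {
    printf("tampered entries before hook: %d\n", hooked_entries());
    install_process_hook();
    dispatch(CALL_CREATE_PROCESS, "/bin/ls");      /* constructed sample call */
    printf("tampered entries with hook:   %d\n", hooked_entries());
    printf("log[0] = %s\n", log_entry(0));
    remove_process_hook();
    printf("tampered entries after unhook: %d\n", hooked_entries());
    return 0;
}
```

The integrity check is deliberately naive: it only notices pointer changes in the table itself, not inline patches to the original function body, which is why real detection tooling also compares code bytes against a trusted image.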
