When a mistaken chmod 000 renders the chmod binary unusable, this guide explains why the error occurs and walks through six practical recovery methods—including Perl, Python, scp, busybox, LD_PRELOAD, and LiveCD—plus preventive tips to avoid repeating the mistake.
This article explains the concepts and implementation of Linux system‑call hooking, covering both user‑space techniques like LD_PRELOAD and kernel‑space methods such as inline patches and kprobes, and shows how to monitor, filter, and secure calls without breaking normal program flow.
This article walks through the symptoms, root causes, forensic commands, and remediation actions taken to investigate and clean a Linux server that was compromised, highlighting key security lessons such as tightening SSH access, monitoring critical files, and restoring locked system utilities.
This article walks through a real‑world Linux server breach, detailing the observed symptoms, investigative commands, hidden malicious scripts, file‑locking tricks, and a comprehensive remediation process that includes tightening security groups, strengthening passwords, monitoring critical files, and restoring compromised system utilities.
Researchers from Intezer and BlackBerry uncovered Symbiote, a novel Linux rootkit that loads as a shared library via LD_PRELOAD, hijacks libc and libpcap, uses BPF hooking to hide malicious traffic, and targets credential theft and remote access, especially in Latin American financial sectors.
This article walks through a real‑world Linux mining malware incident, detailing how the attacker used a malicious crontab entry and LD_PRELOAD to hide processes, the forensic steps to uncover the payload, and practical remediation and hardening measures to prevent future compromises.
This article explains the mechanics of Linux buffer‑overflow attacks with concrete C and assembly examples, shows how to craft and execute shellcode, and demonstrates practical mitigation techniques such as using Libsafe with LD_PRELOAD to protect vulnerable programs.
This article explains how researchers built the EvilAbigail tool to perform a cold‑boot attack on Linux machines using LUKS full‑disk encryption, detailing the use of LD_PRELOAD bootkits, initrd manipulation, and password extraction techniques while also discussing practical mitigations.
