Azazel is a userland rootkit based on the original LD_PRELOAD technique from the Jynx rootkit. It is more robust, has additional features, and focuses heavily on anti-debugging and anti-detection.
Azazel suffers from a stack overflow bug in wtmp_clean && utmp_clean,
because they use hooked open() instead of libc's open() function,
making calls to is_owner() recursive when HIDE_THIS_SHELL env var is set.
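The re-entrancy described above, modeled in plain C as an added example (not code from the Azazel source). It assumes the call chain is open() hook -> is_owner() -> log cleaner -> open(); every function body is a hypothetical stand-in, nothing is interposed, and a depth cap replaces the real stack exhaustion.

```c
#include <stdio.h>

#define MAX_DEPTH 64              /* model guard; the real bug runs until the stack is exhausted */

typedef int (*open_fn)(const char *path);

static int depth, max_seen, real_calls;
static int hide_this_shell;       /* models whether HIDE_THIS_SHELL is set */
static open_fn cleaner_open;      /* which open() the log cleaner ends up calling */

/* Stand-in for libc's open(): never re-enters the wrapper. */
static int real_open(const char *path) { (void)path; real_calls++; return 3; }

static int is_owner(void);

/* Stand-in for the interposed open(): consults is_owner() on every call. */
static int hooked_open(const char *path) {
    if (++depth > max_seen) max_seen = depth;
    if (depth >= MAX_DEPTH) { depth--; return -1; }
    is_owner();
    int fd = real_open(path);
    depth--;
    return fd;
}

/* Stand-in for wtmp_clean/utmp_clean: opens a log through cleaner_open. */
static void clean_log(const char *path) { cleaner_open(path); }

/* Stand-in for is_owner(): runs the cleaner only when the variable is set. */
static int is_owner(void) {
    if (!hide_this_shell) return 0;
    clean_log("wtmp.sample");     /* constructed name, never opened */
    return 1;
}

/* Deepest nesting of hooked_open() reached by one outer call. */
static int nesting_for(open_fn resolver, int env_set) {
    depth = max_seen = real_calls = 0;
    hide_this_shell = env_set;
    cleaner_open = resolver;
    hooked_open("app.conf");
    return max_seen;
}

int main(void) {
    printf("hooked open, var set:   %d\n", nesting_for(hooked_open, 1));
    printf("hooked open, var unset: %d\n", nesting_for(hooked_open, 0));
    printf("libc open, var set:     %d\n", nesting_for(real_open, 1));
    return 0;
}
```

Only the first case reaches the cap: the recursion needs both the variable set and the cleaner resolving to the wrapper rather than to libc's open().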