Open ghost opened 9 years ago
Following this thread about azazel, it points to a few weaknesses we'll need to adress: http://www.reddit.com/r/netsec/comments/1y0o45/azazel_new_linux_userland_rootkit_antidebugging/
Mainly the mmap(2) function that can be used instead of open to compare adresses in /proc//maps.
Following this thread about azazel, it points to a few weaknesses we'll need to adress: http://www.reddit.com/r/netsec/comments/1y0o45/azazel_new_linux_userland_rootkit_antidebugging/
Mainly the mmap(2) function that can be used instead of open to compare adresses in /proc//maps.