Search For Content
Search Result
45 item(s) found so far for this keyword.
Clearing Kernel Message
The dmesg -C command clears the kernel message buffer, which stores diagnostic messages generated by the kernel. These messages include logs about hardware interactions, system events, kernel module loads, and errors such as segmentation faults. The attacker can run this command to make sure that no trace of kernel-related activity, including any anomalies caused by exploitation, remains in the message …
Manipulating Debug Logs
Using the sed -i command, specific entries in debug logs, such as errors (segfault, SystemError) or trace information (e.g., filenames like main.cc), are surgically removed. This allows attackers to target only incriminating evidence without erasing the entire log file. The process preserves the structure and authenticity of the log while removing key evidence of exploitation or system errors.
…
Read moreRemoving Commands from SELinux Audit Logs
SELinux audit logs record all executed commands and policy enforcement actions, including commands like /bin/web, setenforce, mount, and /bin/rm. Using sed -i, attackers delete specific entries from these logs that could reveal the commands they executed. This manipulation ensures that traces of their activity, such as disabling security policies or deleting evidence, are erased from …
Indirect Memory Writing
In local memory movement scenarios, for example, when a loader places a payload into memory for execution, antimalware can detect malicious activity at the moment the payload bytes are written into the newly allocated executable memory region. Attackers may try to evade such detection by avoiding direct writes to new memory region and instead relying on other, legitimate Windows APIs …
Read moreAdding antivirus exception
This technique involves searching for active antivirus-related processes or modules and terminating execution if any are found. By detecting loaded antivirus libraries, malware can determine whether it is running in a monitored environment and exit to avoid detection.
Read more