Pinned Loading

1. psaudit psaudit Public

   通过Linux netlink NETLINK_CONNECTOR 协议实时进行监控本机进程情况。

   Go 13 5

2. yara-linux-malware yara-linux-malware Public

   Detect Linux malicious files with Yara.

   YARA 3 1

3. linux mac new strings linux mac new strings

   1

   #linux

   2

   3

   #!/bin/bash

   4

   (strings -a -td "$@" | sed 's/^\(\s*[0-9][0-9]*\) \(.*\)$/\1 A \2/' ; strings -a -td -el "$@" | sed 's/^\(\s*[0-9][0-9]*\) \(.*\)$/\1 W \2/') | sort -n

   5

4. process injection with ptrace process injection with ptrace

   1

   -a always,exit -F arch=b64 -S ptrace -F a0=0x4 -F key=ptrace_poketext

   2

   -a always,exit -F arch=b64 -S ptrace -F a0=0x5 -F key=ptrace_pokedata

5. Detect malicious packages of python ... Detect malicious packages of python request

   1

   for i in $(find / -xtype f -name "python" 2>/dev/null );do $i -m pip list 2>/dev/null |grep "request ";done