Less is More

I found /usr/bin/lesspipe.sh and ~/.lessfilter.

ls -al /usr/bin/lesspipe.sh
-rwxr-xr-x. 1 root root 3622 Sep 1 14:25 /usr/bin/lesspipe.sh

⚠️ This post is in no way detailing a vulnerability or exploit. I am sharing a novel persistence mechanism that I was not aware of until recently. I am writing this post because I do not believe many defenders (SOC, DFIR and system administrators alike) know about this. Neither MITRE ATT&CK nor GTFOBins.com includes this level of detail in their respective repositories, either. ...

September 8, 2025 · 9 min · 1720 words · Jordan Mussman
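The excerpt above names the two files that make this a persistence point but, being a summary, does not show how a defender would go looking for them. The following audit script is an added example, not code from the post. It assumes the Fedora/RHEL lesspipe.sh behaviour that the listed path and the SELinux dot in the mode string suggest: LESSOPEN points at /usr/bin/lesspipe.sh, lesspipe.sh runs on every file opened with less, and it executes ~/.lessfilter whenever that file exists and is executable. The fixture directories (alice, bob) and their contents are constructed here so the script runs offline; it also assumes GNU coreutils (sha256sum).

```shell
#!/bin/sh
# Added example, not the original post's code. Assumes Fedora/RHEL lesspipe.sh,
# which executes ~/.lessfilter when it exists and is executable, so an
# executable .lessfilter in a home directory runs every time that user views a
# file with less. Requires GNU coreutils (sha256sum).

# lessfilter_status DIR
#   prints one of: absent | present-not-executable | armed
lessfilter_status() {
    f="$1/.lessfilter"
    if [ ! -e "$f" ]; then
        echo absent
    elif [ -x "$f" ]; then
        echo armed
    else
        echo present-not-executable
    fi
}

# lessfilter_audit BASE
#   walks each directory directly under BASE (e.g. /home) and prints one line
#   per armed hook: <home> TAB <sha256 of the script> TAB <first line of it>
#   returns 0 when no armed hook was found, 1 when at least one was
lessfilter_audit() {
    found=0
    for home in "$1"/*/; do
        home=${home%/}
        [ -d "$home" ] || continue
        if [ "$(lessfilter_status "$home")" = armed ]; then
            found=1
            f="$home/.lessfilter"
            sum=$(sha256sum "$f" | cut -d' ' -f1)
            printf '%s\t%s\t%s\n' "$home" "$sum" "$(head -n 1 "$f")"
        fi
    done
    return $found
}

# --- constructed fixture: two fake home directories, one armed hook ---
demo_base=$(mktemp -d)
mkdir -p "$demo_base/alice" "$demo_base/bob"
# alice: file present but not executable, so lesspipe.sh ignores it
printf '#!/bin/sh\nexec cat "$1"\n' > "$demo_base/alice/.lessfilter"
# bob: executable, so anything placed here runs on every less invocation
printf '#!/bin/sh\n# whatever is here runs each time bob opens a file with less\nexec cat "$1"\n' > "$demo_base/bob/.lessfilter"
chmod 755 "$demo_base/bob/.lessfilter"

if lessfilter_audit "$demo_base"; then
    echo "no armed ~/.lessfilter under $demo_base"
else
    echo "armed ~/.lessfilter hook(s) found under $demo_base"
fi
rm -rf "$demo_base"
```

On a real host run lessfilter_audit against /home (and against /root, which the glob above does not cover), and treat any armed hook whose hash you cannot tie to a known, user-authored filter as something to pull for review.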

EBPF for All

eBPF (extended Berkeley Packet Filter) emerged a few times in my career dealings over the last couple of years, and I only now sat down to start taking it seriously. Whether on DFIR engagements or protecting some of the systems I use at my current employer, eBPF always plays a role in helping a user do some elegant things with the assistance of the kernel. But it's not just my employer (and their operating system) teams that are exploring ways to make the Linux kernel work for them. So too are Facebook, Netflix, Apple, Splunk, Datadog, 5G telco networks, even Cloudflare! ...

March 20, 2025 · 9 min · 1734 words · Jordan Mussman