Dynamic linker hijacking attempt
Goal
Detect attempts to load a malicious library.
Strategy
After an attacker’s initial intrusion into a victim container or host (for example, through a web shell exploit), they may attempt to escalate privileges, evade defenses, or establish persistence by hijacking environment variables such as LD_PRELOAD, or configuration files such as /etc/ld.so.preload, which the dynamic linker uses to load shared libraries.
Requires Agent version 7.39 or greater
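The two signals named in the Strategy can also be checked by hand on a host. The following is an added example, not the rule's own logic or Datadog code: it parses /proc/<pid>/environ-style bytes and /etc/ld.so.preload-style text and flags preload entries outside an allow-list. The TRUSTED_DIRS list, the function names, and the sample data are assumptions made for illustration.

```python
import os
import re

# Assumption: directories this host treats as trusted library locations.
TRUSTED_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/", "/usr/local/lib/")

def split_preload(value):
    """ld.so accepts spaces or colons as separators in a preload list."""
    return [p for p in re.split(r"[\s:]+", value) if p]

def is_suspicious(path):
    """True when an entry does not resolve to a file under a trusted directory."""
    return not os.path.normpath(path).startswith(TRUSTED_DIRS)

def ld_preload_of(environ_raw):
    """Return the LD_PRELOAD value from NUL-separated /proc/<pid>/environ bytes."""
    for item in environ_raw.split(b"\0"):
        if item.startswith(b"LD_PRELOAD="):
            return item[len(b"LD_PRELOAD="):].decode(errors="replace")
    return None

def parse_preload_file(text):
    """Entries of /etc/ld.so.preload, ignoring '#' comments."""
    return split_preload("\n".join(l.split("#", 1)[0] for l in text.splitlines()))

def scan(environs, preload_file_text):
    """environs maps pid -> raw environ bytes. Returns (source, entry) findings."""
    findings = []
    for pid, raw in sorted(environs.items()):
        for entry in split_preload(ld_preload_of(raw) or ""):
            if is_suspicious(entry):
                findings.append((f"pid {pid} LD_PRELOAD", entry))
    for entry in parse_preload_file(preload_file_text):
        if is_suspicious(entry):
            findings.append(("/etc/ld.so.preload", entry))
    return findings

# Constructed sample data (not captured from a real host).
SAMPLE_ENVIRONS = {
    101: b"PATH=/usr/bin\0HOME=/root\0",
    202: b"PATH=/usr/bin\0LD_PRELOAD=/usr/lib/libjemalloc.so.2:/tmp/.cache/x.so\0",
}
SAMPLE_PRELOAD_FILE = "# added by installer\n/usr/lib64/libaudit.so.1\n/dev/shm/libhook.so\n"

if __name__ == "__main__":
    for source, entry in scan(SAMPLE_ENVIRONS, SAMPLE_PRELOAD_FILE):
        print(f"ALERT {source}: {entry}")
```

On a live host, the inputs would be the bytes of each readable /proc/<pid>/environ and the text of /etc/ld.so.preload; on many systems that file does not exist by default, so its appearance is itself worth reviewing.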