Dynamic linker hijacking attempt

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Goal

Detect attempts to load a malicious library.

Strategy

After an attacker’s initial intrusion into a victim container or host (for example, through a web shell exploit), they may attempt to escalate privileges, evade defenses, or establish persistence by hijacking environment variables such as LD_PRELOAD, or configuration files such as /etc/ld.so.preload/, which the dynamic linker uses to load shared libraries.

Requires Agent version 7.39 or greater

PREVIEWING: esther/docs-9518-update-example-control-sensitive-log-data