mquire: from injected code to hidden kernel hooks
Recent mquire releases add views for the questions that come up first when triaging a Linux memory dump: injected code, dynamic-linker hijacks, unexpected capabilities, processes under a tracer, and kernel hooks that belong to no module. This post shows each one with real output.
[Read More]