On many Linux distributions, the kernel is configured by default to prevent any process from calling ptrace() on another process that it did not create (e.g. via fork()). This is a security feature ...
This rule detects the use of the process environment variable LD_PRELOAD to inject a shared library into a binary at or prior to execution. A threat actor may do this to load a malicious shared library ...
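One way to implement the check this rule describes, as an added example (not the rule's own logic or code from the page): it parses the NUL-separated `KEY=VALUE` format of `/proc/<pid>/environ` and reports each library named in LD_PRELOAD. The severity tiers, function names and sample blobs are assumptions constructed for illustration.

```python
import os

# Directories any user can write to; a preload from here ranks highest (assumed heuristic).
WORLD_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")

def parse_environ(blob: bytes) -> dict:
    """Parse the NUL-separated KEY=VALUE format of /proc/<pid>/environ."""
    env = {}
    for entry in blob.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep and key:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env

def preload_findings(pid: int, blob: bytes) -> list:
    """Return one finding per library named in LD_PRELOAD for this process."""
    value = parse_environ(blob).get("LD_PRELOAD", "")
    findings = []
    # ld.so accepts spaces or colons as separators in LD_PRELOAD.
    for lib in value.replace(":", " ").split():
        if lib.startswith(WORLD_WRITABLE):
            severity = "high"    # library sits in a world-writable directory
        elif not lib.startswith("/"):
            severity = "medium"  # bare name or relative path, not a fixed location
        else:
            severity = "low"     # absolute path elsewhere; still worth reviewing
        findings.append({"pid": pid, "library": lib, "severity": severity})
    return findings

def scan_live_processes() -> list:
    """Apply the same check to every readable /proc/<pid>/environ on a Linux host."""
    results = []
    for name in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{name}/environ", "rb") as f:
                results += preload_findings(int(name), f.read())
        except OSError:
            continue  # process exited, or unreadable without privileges
    return results

# Constructed sample data (not from the page): (pid, environ blob) pairs.
SAMPLES = [
    (4101, b"PATH=/usr/bin\0LANG=C\0"),
    (4102, b"PATH=/usr/bin\0LD_PRELOAD=/dev/shm/libx.so:libfoo.so\0"),
]

if __name__ == "__main__":
    for pid, blob in SAMPLES:
        for finding in preload_findings(pid, blob):
            print(finding)
```

`/proc/<pid>/environ` holds the environment the process was started with, so a process that later edits its own environment in memory will not change what this check sees.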