LoFP / rare temporary workaround for library misconfiguration

Techniques

• t1574
• t1574.006

Sample rules

Code Injection by ld.so Preload

• source: sigma
• technicques:
  • t1574
  • t1574.006

Description

Detects the ld.so preload persistence file. See man ld.so for more information.

Detection logic

condition: keywords
keywords:
- /etc/ld.so.preload