maxtaco (2 days ago)
Use extreme caution running arbitrary code on your machines, especially obfuscated code that tickles kernel bugs! (edited)

  stackghost (2 days ago), reply to maxtaco
  Analysis of the POC concurs with my tests that confirm that the portion of `su` that gets overwritten does not survive a reboot.

    wang_li (a day ago), reply to stackghost
    It's living in your page cache, not on your disk. Flush the caches and it'll disappear.

      stackghost (a day ago), reply to wang_li
      Indeed. But it's easier to just kill a container or a k8s node and reprovision than to flush the caches.
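
One way to check the point wang_li and stackghost are making, added here as an example and not code from the thread or from the PoC: hash the file as an ordinary read() sees it (served from the page cache) and again with O_DIRECT (which bypasses the cache and reads the block device), then compare. It assumes Linux with GNU coreutils (`dd iflag=direct`, `sha256sum`); the target path is a parameter, and filesystems that refuse O_DIRECT (tmpfs, for instance) are reported as unsupported rather than compared.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Compares the page-cache view of a file with its
# on-disk bytes. A plain read() is served from the page cache, so a copy corrupted only
# in memory shows up there; dd with iflag=direct (O_DIRECT) bypasses the cache and
# reads what is actually on the block device.

# Hash of the file as every ordinary process sees it (page cache).
cached_hash() {
  sha256sum "$1" | cut -d' ' -f1
}

# Hash of the bytes on disk. O_DIRECT needs aligned I/O, hence bs=4096.
# Returns 2 when the filesystem refuses O_DIRECT (e.g. tmpfs, old overlayfs),
# so the caller can tell "unsupported" apart from "mismatch".
ondisk_hash() {
  tmp=$(mktemp) || return 2
  if ! dd if="$1" of="$tmp" bs=4096 iflag=direct status=none 2>/dev/null; then
    rm -f "$tmp"
    return 2
  fi
  sha256sum "$tmp" | cut -d' ' -f1
  rm -f "$tmp"
}

# Exit status: 0 = cache and disk agree, 1 = they differ (in-memory-only change),
# 2 = could not read around the page cache on this filesystem.
check_cache_vs_disk() {
  f="$1"
  c=$(cached_hash "$f") || return 2
  d=$(ondisk_hash "$f") || return 2
  if [ "$c" = "$d" ]; then
    echo "OK   $f: page cache matches disk ($c)"
    return 0
  fi
  echo "DIFF $f: page cache $c vs disk $d"
  return 1
}

# Usage for the setuid binary discussed in the thread:
# check_cache_vs_disk /usr/bin/su
```

Package verification such as `dpkg --verify` or `rpm -V` reads through the page cache as well, so it flags the altered bytes while they are cached and reports the file clean once the cache has been dropped or the host rebooted.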
  charcircuit (2 days ago), reply to maxtaco
  The page explicitly describes that it is stealthy as it does not make permanent changes, only corrupting the binary in memory.

    scratchyone (a day ago), reply to charcircuit
    Unfortunately the page can also lie to you haha. It seems people have reviewed the code by now, but running suspicious shellcode you don't fully understand is never a great idea.

      charcircuit (a day ago), reply to scratchyone
      I personally had AI review the code, add comments, disassemble the shellcode, etc.

        scratchyone (a day ago), reply to charcircuit
        That's quite smart. I was almost stupid enough to paste it into a terminal to check if it worked before deciding to wait and let others analyze it first haha.