Analysis of the “lib__mdma.so.1” userland rootkit

Note to the reader: This blogpost was written “as it happened”, so it may jump around the place a bit. I’ll try clean it up somewhat before I hit publish, but I probably won’t have time to do much serious editing. Also, there is some value in showing the process, I guess. Or maybe that …

AliumTerm: Reverse Shells over Tor, Part 2. The PTY.

In this post, we will upgrade our listener to give us a PTY, and write a simple enough python implant to send us back our shells. We will also discuss the problem of adding dependencies to our script, and I’ll show the absolutely hideous solution I came up with. A reasonably short entry, as spawning …