Process memory infection
There are many rootkits, viruses, backdoors, and other tools out there that can be used to infect a system's userland memory. We will now name and describe a few of these.
Process infection tools
Azazel: This is a simple but effective LD_PRELOAD injection userland rootkit for Linux that is based on its predecessor rootkit named Jynx. LD_PRELOAD rootkits will preload a shared object into the program that you want to infect. Typically, such a rootkit will hijack functions such as open, read, write, and so on. These hijacked functions will show up as PLT hooks (modified GOT). For more information, visit https://github.com/chokepoint/azazel.

Saruman: This is a relatively new anti-forensics infection technique that allows a user to inject a complete dynamically linked executable into an existing process. Both the injected and the injectee will run concurrently within the same address space. This allows stealthy and advanced remote process infection. For more information...
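A preloaded shared object, as described under Azazel above, leaves two traces that can be checked before any GOT analysis: an LD_PRELOAD entry in /proc/<pid>/environ and an executable library mapping in /proc/<pid>/maps. The following triage sketch is an added example, not code from the original text or from the Azazel project; the trusted directory list, the function names, and the sample data are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed trusted library directories; adjust for the distribution. */
static const char *trusted[] = { "/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/" };
/* Constructed samples in /proc/<pid>/environ and /proc/<pid>/maps format. */
static const char sample_env[] = "PATH=/usr/bin\0LD_PRELOAD=/tmp/libhook.so\0HOME=/root";
static const char *sample_maps[] = {
    "7f1c2a000000-7f1c2a1b0000 r-xp 00000000 08:01 1311 /usr/lib/x86_64-linux-gnu/libc.so.6",
    "7f1c2a400000-7f1c2a403000 r-xp 00000000 08:01 9042 /tmp/libhook.so",
    "7ffd51e00000-7ffd51e21000 rw-p 00000000 00:00 0",
};

/* Return the LD_PRELOAD value from a NUL-separated environ image, or NULL. */
const char *find_preload(const char *env, size_t len)
{
    for (const char *p = env, *nul; p < env + len; p = nul + 1) {
        nul = memchr(p, '\0', (size_t)(env + len - p));
        if (!nul)
            break;                      /* unterminated tail: ignore it */
        if (nul - p > 11 && strncmp(p, "LD_PRELOAD=", 11) == 0)
            return p + 11;              /* skip the 11-byte "LD_PRELOAD=" */
    }
    return NULL;
}

/* Return 1 for an executable .so mapping outside the trusted directories. */
int suspicious_mapping(const char *line)
{
    char perms[5] = "", path[256];
    if (sscanf(line, "%*s %4s %*s %*s %*s %255[^\n]", perms, path) != 2)
        return 0;                       /* anonymous mapping, no backing file */
    if (perms[2] != 'x' || path[0] != '/' || !strstr(path, ".so"))
        return 0;                       /* not an executable library mapping */
    for (size_t i = 0; i < sizeof trusted / sizeof *trusted; i++)
        if (strncmp(path, trusted[i], strlen(trusted[i])) == 0)
            return 0;
    return 1;
}

int main(void)
{
    const char *v = find_preload(sample_env, sizeof sample_env);
    printf("LD_PRELOAD: %s\n", v ? v : "(not set)");
    for (size_t i = 0; i < sizeof sample_maps / sizeof *sample_maps; i++)
        if (suspicious_mapping(sample_maps[i]))
            puts(sample_maps[i]);
}
```

A hit from either check is only a lead: the hooks themselves are confirmed by comparing the process's GOT entries against the addresses the legitimate libraries export.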