Linux Malicious Techniques PoC
This repository contains simple proof-of-concept (PoC) implementations of common Linux malicious techniques for educational and research purposes only.
Techniques
1. Change Process Command Line (argv[0])
- File: `src/change_argv0.c`
- Description: Overwrites the process's command line as seen in `/proc/<pid>/cmdline` (and therefore in the `COMMAND` column of `ps aux`) by writing over `argv[0]` in place. The kernel serves `cmdline` straight from the process's argument area, so whatever is written there is what `ps` reports. Only the space originally occupied by the arguments is safe to overwrite: a longer name runs into the environment strings that follow. The task name in `/proc/<pid>/comm` is not affected by this technique.
- Usage:
```sh
gcc src/change_argv0.c -o change_argv0
./change_argv0
# Inspect with:
ps aux | grep malwareX
```
2. Change Process Name (comm) via prctl syscall
- File: `src/change_comm.c`
- Description: Changes the task name (as seen in `/proc/<pid>/comm` and in tools such as `top` and `ps -o comm`) using the `prctl` syscall with `PR_SET_NAME`. No privilege is required; the kernel keeps at most 15 characters (`TASK_COMM_LEN` is 16 including the terminating NUL), so longer names are silently truncated. `/proc/<pid>/cmdline` is not affected by this technique, which is exactly the discrepancy a detector can look for.
- Usage:
```sh
gcc src/change_comm.c -o change_comm
./change_comm
# Inspect with (pgrep without -f matches on comm, so it finds the renamed process):
cat /proc/$(pgrep malwareX)/comm
```
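Both techniques in one runnable piece, together with the check a defender would run against them. This is an added example written for this page, not the repository's `src/change_argv0.c` or `src/change_comm.c`; the function names (`spoof_cmdline`, `set_comm`, `read_proc_comm`, `comm_equals`, `comm_matches_cmdline`) and the constructed `demo_area` argument buffer are this example's own assumptions. The kernel facts it relies on (cmdline served from the argument area, `PR_SET_NAME` unprivileged, 15-character comm limit) are as stated above.

```c
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Technique 1: overwrite the process's argument area in place.
 * argv[0..argc-1] live contiguously in the arg area, which is exactly what
 * the kernel exposes as /proc/<pid>/cmdline. We write `fake` over argv[0]
 * and zero the rest of the area, so every later argument reads as ""
 * afterwards; copy anything you still need before calling this. The fake
 * name is truncated to the space available, because growing past the
 * original area would clobber the environment strings that follow it.
 * Returns the number of bytes of `fake` actually written. */
size_t spoof_cmdline(int argc, char **argv, const char *fake)
{
    if (argc < 1 || argv == NULL || argv[0] == NULL || fake == NULL)
        return 0;
    char *start = argv[0];
    char *end = argv[argc - 1] + strlen(argv[argc - 1]); /* last arg's NUL */
    size_t room = (size_t)(end - start);                 /* bytes before it */
    size_t n = strlen(fake);
    if (n > room)
        n = room;
    memset(start, 0, room);
    memcpy(start, fake, n);
    return n;
}

/* Technique 2: set the kernel-side task name (comm). PR_SET_NAME needs no
 * privilege; the kernel keeps at most 15 characters (TASK_COMM_LEN is 16
 * including the terminating NUL), so longer names are silently cut.
 * Returns 0 on success, -1 on failure. */
int set_comm(const char *name)
{
    return prctl(PR_SET_NAME, (unsigned long)name, 0, 0, 0);
}

/* Read this process's comm back from procfs, without the trailing newline.
 * Returns its length, or -1 if /proc is unavailable. */
int read_proc_comm(char *out, size_t outsz)
{
    FILE *f = fopen("/proc/self/comm", "r");
    if (f == NULL)
        return -1;
    if (fgets(out, (int)outsz, f) == NULL) {
        fclose(f);
        return -1;
    }
    fclose(f);
    size_t n = strcspn(out, "\n");
    out[n] = '\0';
    return (int)n;
}

/* Does the live comm equal `expected`? Falls back to PR_GET_NAME (which
 * needs a 16-byte buffer) where procfs is not mounted. */
int comm_equals(const char *expected)
{
    char buf[32] = "";
    if (read_proc_comm(buf, sizeof buf) < 0 &&
        prctl(PR_GET_NAME, (unsigned long)buf, 0, 0, 0) != 0)
        return 0;
    return strcmp(buf, expected) == 0;
}

/* Detection side: after exec, comm is the basename of the executed file
 * cut to 15 characters, and argv[0] is normally the path it was started
 * with. A process whose comm disagrees with basename(argv[0]) has renamed
 * itself one way or the other. Returns 1 if consistent, 0 if they disagree.
 * Expect benign hits from interpreted scripts (comm is the script name,
 * argv[0] the interpreter) and from programs that rename their threads. */
int comm_matches_cmdline(const char *comm, const char *argv0)
{
    const char *slash = strrchr(argv0, '/');
    const char *base = slash ? slash + 1 : argv0;
    size_t blen = strlen(base);
    if (blen > 15)
        blen = 15;
    return strlen(comm) == blen && strncmp(comm, base, blen) == 0;
}

/* Constructed stand-in for a real arg area (assumption for the example):
 * three NUL-separated arguments laid out contiguously, as the kernel does. */
static char demo_area[] = "./change_argv0\0--flag\0value";
static char *demo_argv[] = { demo_area, demo_area + 15, demo_area + 22 };

/* Apply technique 1 to the constructed area and return the new argv[0]. */
const char *demo_spoof_argv0(const char *fake)
{
    spoof_cmdline(3, demo_argv, fake);
    return demo_argv[0];
}

/* Stand-alone run: apply both techniques to this process and report the
 * two views the kernel now gives of it. */
int main(int argc, char **argv)
{
    char comm[32] = "";
    spoof_cmdline(argc, argv, "malwareX");
    set_comm("malwareX");
    read_proc_comm(comm, sizeof comm);
    printf("comm now: %s, argv[0] now: %s\n", comm, argv[0]);
    printf("comm consistent with ./change_argv0? %d\n",
           comm_matches_cmdline(comm, "./change_argv0"));
    return 0;
}
```

Build with `gcc -Wall` and run it; the process reports its own spoofed `comm` and `argv[0]` before exiting. In a real hunt the same comparison is done from outside, reading `/proc/<pid>/comm` against `/proc/<pid>/cmdline` (or `ps -o pid,comm,args`), and the script and thread-rename cases noted in the comment are the false positives to filter first.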
Disclaimer
This repository is for educational and research purposes only. Do not use these techniques for malicious activity.