Offensive Security – Telegram
I post what I read; I'm a low-level programmer with a focus on offensive security and redteam development.
🛡 Detect Medusa Rootkit on Linux – Test Guide

A new stealth rootkit called Medusa uses LD_PRELOAD to hijack dynamic libraries and hide files, processes, and ports from commands like ls, ps, and netstat.

Goal: Catch Medusa by bypassing its tricks.



How to Detect It (Step-by-Step)
1. Use a statically built BusyBox – it doesn’t rely on dynamic libraries, so it ignores LD_PRELOAD.

2. Launch a clean shell:

busybox ash

3. Run commands inside it:

ls -la /lib
ps aux
netstat -tulpn

4. Compare the output with what the normal shell shows.
If you see hidden files/processes appear in BusyBox but not in bash → You’re likely infected.



🔴 Don’t install BusyBox via apt on a live compromised system.
Instead:
• Run it from a USB or RAM (/dev/shm) to avoid overwriting evidence.


references:
github
blog


#Rootkit
@GoSecurity
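The comparison in step 4 of the Medusa guide above can be scripted. This is an added example, not part of the original post: the BusyBox path, the use of /bin/ls as the dynamically linked binary, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: cross-view check for entries hidden by an LD_PRELOAD hook.
# Assumption: BUSYBOX is a statically linked busybox copied from trusted
# media into RAM (the default path is illustrative, not from the post).
BUSYBOX="${BUSYBOX:-/dev/shm/busybox}"

# only_in_trusted SUSPECT_LIST TRUSTED_LIST
# Both arguments are newline-separated names. Prints every name that the
# trusted view contains but the suspect view omits. No temp files are
# written, so nothing lands on the disk under investigation.
only_in_trusted() {
    printf '%s\n' "$2" | SUSPECT_VIEW=$1 awk '
        BEGIN {
            n = split(ENVIRON["SUSPECT_VIEW"], names, "\n")
            for (i = 1; i <= n; i++) seen[names[i]] = 1
        }
        length($0) && !($0 in seen)'
}

# hidden_entries DIR
# Lists DIR with /bin/ls (assumed dynamically linked, so a preloaded library
# can filter its results) and with the static busybox applet, then diffs.
hidden_entries() {
    [ -x "$BUSYBOX" ] || { echo "no trusted busybox at $BUSYBOX" >&2; return 3; }
    suspect=$(/bin/ls -A "$1" 2>/dev/null) || true
    trusted=$("$BUSYBOX" ls -A "$1") || return 2
    only_in_trusted "$suspect" "$trusted"
}

# Usage: sh crossview.sh /lib /etc /tmp
if [ "$#" -gt 0 ]; then
    for dir in "$@"; do
        hidden_entries "$dir" | while IFS= read -r name; do
            printf 'visible only to static busybox: %s/%s\n' "$dir" "$name"
        done
    done
fi
```

An empty result for a directory means both views agree for that directory; any line printed is a name the dynamically linked ls did not report and is worth examining from trusted media.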
The OWASP Smart Contract Top 10 (2025) is a standard awareness document providing Web3 developers and security teams with insights into the top 10 vulnerabilities found in smart contracts.

https://owasp.org/www-project-smart-contract-top-10/
Inside the Linux #Kernel 🐧
Foundation of Linux Reverse Engineering & Exploitation

Chapter One and Preliminaries
YouTube
#Linux structure
C2.pdf
264 KB
Comprehensive Overview of Command and Control (C2) Frameworks

#C2