RCLocals is inspired by ‘Autoruns’ from Sysinternals, RCLocals analyzes all Linux startup possibilities to find backdoors, also performs process integrity verification, scan for DLL injected processes and much more
·List GPG keys trusted by the system
·Installed Packages
·File integrity
·Process integrity (process and libraries loaded in a process that not belongs to any installed package)
·Processes with name spoofed (processes that use prctl() to change their name in /bin/ps)
·CRON entries
·RC files
·X system startup files
·Active Systemd Units
·Systemd Timer Units
·tmpfiles.d
·linger users
For only suspicious information:
#python3 rclocals.py –triage
For detailed information:
#python3 rclocals.py –all
What is a Software Supply Chain Attack? A software supply chain attack occurs when a…
When people ask how UDP works, the simplest answer is this: UDP sends data quickly…
Endpoint Detection and Response (EDR) solutions have become a cornerstone of modern cybersecurity, designed to…
A large-scale malware campaign leveraging AI-assisted development techniques has been uncovered, revealing how attackers are…
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
People trying to securely connect to work are being tricked into doing the exact opposite.…