|
|
|
|
|
|
by mannykannot
2020 days ago
|
|
|
It would require somewhat more sophistication on the attacker's part to detect curl|tee|bash being run in a VM, I think. Also, can you start bash with tracing on? Or put awk in the pipeline to turn it on, and also filter out attempts to turn it off? |
|
|