by nshelly 701 days ago
I would assume they could also dump memory, i.e. `/dev/mem`. Agreed they would need to also do frequent memory snapshots, but lots of malware will also run in the background waiting indefinitely, and often under the same name as common Linux processes but with different hashes.
2 comments

You would need an agent to do this. Cloning EBS won’t dump memory.
The people who have /dev/mem and run this garbage must form a complete overlapping circle.