How does xz's backdoor rewrite the entry of RSA_public_decrypt@....plt?
March 30, 2024, 11:22 a.m. | /u/tamaroning
cybersecurity www.reddit.com
[https://openwall.com/lists/oss-security/2024/03/29/4](https://openwall.com/lists/oss-security/2024/03/29/4)
[https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27](https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27)
The first article refers to a hack of the glibc IFUNC resolver and hooks into the dynamic linker (ld-linux.so?).
As a result, importantly, calls to RSA\_public\_decrypt are redirected to malicious code.
But I don't understand how the attackers register hooks into the dynamic linker. I heard that the malicious function analyzes the symbol table.
Can someone explain it?