Auditd Field Spoofing: Now You Auditd Me, Now You Auditdonā€™t

moth // Introduction  One fateful night in June of 2022, Ethan sent a message to the crew: “Anyone know ways to fool Auditd on Linux? I’m trying to figure out how to change the auid (audit […]

Read the entire post here