https://www.wietzebeukema.nl/blog/why-bother-with-argv0
Why bother with argv[0]?
The first element of a program's command line, conventionally the program's name or path and usually referred to as argv[0], can in most cases be set to an arbitrary value without affecting how the process runs. Making the case against argv[0], this post shows how it can be used to deceive security analysts, bypass detections and break defensive software, across all major operating systems.
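As an added example (not code from the linked post or from any tool it mentions), the Python script below launches /bin/sh under a made-up argv[0], shows that the child itself believes the name it was handed, and then runs a simple argv[0]-versus-image comparison over a few constructed telemetry rows. It assumes a POSIX system with sh on the PATH and, for the real image path, Linux's /proc; the process names and paths are hypothetical.

```python
"""Spoofing argv[0] on POSIX, and why a detection must not trust it.

Added example, not code from the linked post. Assumes a POSIX system with
sh on the PATH; /proc/<pid>/exe is Linux-only and degrades to 'unknown'
elsewhere. All process names below are made up.
"""
import os
import shutil
import subprocess


def spawn_with_argv0(real_exe, fake_argv0, args):
    """Execute real_exe but hand the child an arbitrary argv[0].

    subprocess.Popen passes args[0] straight through to execve() as argv[0],
    while the `executable` keyword chooses the image that is actually loaded,
    so the two can disagree freely. Returns the child's stdout.
    """
    result = subprocess.run(
        [fake_argv0, *args],
        executable=real_exe,
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout


def child_view(fake_argv0):
    """Return (argv0 as seen by the child, image path or 'unknown').

    With `sh -c script` and no further operands, POSIX sets $0 to the shell's
    own argv[0], so the child faithfully reports whatever it was told it is.
    The kernel's /proc/<pid>/exe link still points at the real binary.
    """
    sh = shutil.which("sh") or "/bin/sh"
    script = ('printf "%s\\n%s" "$0" '
              '"$(readlink /proc/$$/exe 2>/dev/null || echo unknown)"')
    argv0_seen, image_seen = spawn_with_argv0(sh, fake_argv0, ["-c", script]).split("\n", 1)
    return argv0_seen, image_seen


def argv0_mismatch(argv0, image_path):
    """Defender-side check: does the claimed name agree with the loaded image?

    Compares basenames so '/bin/ls' vs '/usr/bin/ls' is not flagged. Symlinked
    shells (argv[0] 'sh', image '/usr/bin/dash') will still show up, so treat
    a hit as 'pivot to the image path', not as a verdict on its own.
    """
    return os.path.basename(argv0) != os.path.basename(image_path)


# Constructed sample telemetry: (argv[0] as logged, image path from /proc/<pid>/exe).
SAMPLE_PROCESSES = [
    ("/usr/bin/ls", "/usr/bin/ls"),
    ("ls", "/usr/bin/ls"),
    ("/usr/sbin/sshd", "/tmp/.cache/payload"),  # hypothetical: claims to be sshd
]


def suspicious_processes(rows):
    """Return the rows whose argv[0] does not match the executed image."""
    return [row for row in rows if argv0_mismatch(*row)]


if __name__ == "__main__":
    seen, image = child_view("totally-legit-daemon")
    print(f"child believes it is {seen!r}; kernel says the image is {image!r}")
    for argv0, image in suspicious_processes(SAMPLE_PROCESSES):
        print(f"mismatch: argv[0]={argv0!r} image={image!r}")
```

Run it directly and compare the two lines the child prints: the name came from the parent, the image path came from the kernel, and only the latter is worth alerting on. The "in most cases" in the abstract matters here: programs that dispatch on their own name (BusyBox picks its applet from argv[0], for instance) will misbehave or refuse to run under a spoofed argv[0], so the same trick that hides a process from a name-based rule can also be what breaks it.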
Hacker News