A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes the following command
Posted: Sat Jul 23, 2022 7:33 pm
A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes the following command:
However, the analyst is unable to find any evidence of the running shell.
Which of the following is the MOST likely reason the analyst cannot find a process ID for the shell?
A. The NX bit is enabled
B. The system uses ASLR
C. The shell is obfuscated
D. The code uses dynamic libraries