Lior Ribak is a Senior Linux Security Researcher, and member of the Linux Detection team at SentinelOne. Previously, he spent nearly five years at Unit 8200, where he took part in various R&D projects. His interests include reverse-engineering, OS internals and security, and solving challenges with AI.
Abusing LD_PRELOAD to intercept library calls on Linux is a known threat actor technique, but it’s possible to load libaries even before that. Meet LD_AUDIT
