The text explores syscall evasion: bypassing the detection of security tools that work by monitoring system calls. It explains the role of the syscall interface in Linux, compares different syscalls and their functions, and examines bash shell builtins to show how commands can be manipulated to evade detection. By demonstrating techniques such as monitoring syscalls with strace, distinguishing external binaries from builtins, and tricking security tools by using bash shell builtins, the text illustrates the complexities and nuances of monitoring system activity for security purposes.
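The builtin-versus-external-binary distinction described above can be checked from the shell itself. This is an added example, not code from the original article; the function names `exec_visibility` and `blind_count` and the sample command lines are constructed for illustration, and it assumes `command -v` prints an absolute path only for external binaries.

```shell
#!/bin/sh
# Added example: which command names would an execve-only monitor never see?
# Assumption: `command -v` prints an absolute path for an external binary and a
# bare name for a builtin, function or keyword (POSIX; holds in sh, dash, bash).

# exec_visibility NAME -> prints "execve", "in-shell", "alias" or "unknown"
exec_visibility() {
    resolved=$(command -v "$1" 2>/dev/null) || { echo unknown; return 0; }
    case $resolved in
        /*)       echo execve ;;    # external binary: the shell forks and calls execve
        alias\ *) echo alias ;;     # expands to something else; resolve the expansion
        *)        echo in-shell ;;  # runs inside the shell process, no execve event
    esac
}

# blind_count: read command lines on stdin and print how many start with a name
# that resolves in-shell (first word only; pipelines and quoting are not parsed).
blind_count() {
    n=0
    while IFS= read -r line; do
        first=${line%% *}
        [ -n "$first" ] || continue
        if [ "$(exec_visibility "$first")" = in-shell ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample command lines, one per line.
sample='echo secret
printf %s data
sh -c true
cd /tmp'

# Report how each sample line would appear to a rule keyed on execve.
printf '%s\n' "$sample" | while IFS= read -r l; do
    printf '%-9s %s\n' "$(exec_visibility "${l%% *}")" "$l"
done
```

Running a script under `strace -f -e trace=execve` confirms the classification: lines reported as `in-shell` produce no execve entry. Detection rules that key only on execve therefore need companion rules on the file and network syscalls the builtin performs.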

Understanding how syscall evasion can be achieved using Linux shell built-ins

Through examples such as executing commands with bash builtins and observing the corresponding syscalls, the text highlights the importance of monitoring the right syscalls, since these techniques bypass traditional detection methods.
https://cloudsecurityalliance.org/articles/exploring-syscall-evasion-linux-shell-built-ins