skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Python Script Detects Debuggers in Windows and Linux

/ 1 min read

New Python script detects debuggers in Windows and Linux environments. A recently identified Python script is designed to detect virtualized environments and the presence of debuggers on both Windows and Linux systems. On Windows, it utilizes the Microsoft API call IsDebuggerPresent() and checks the Process Environment Block (PEB) for a “BeingDebugged” flag. In contrast, the Linux version examines the /proc/self/status file for the “TracerPid” line, where a value of “0” indicates no active tracing. Despite its stealthy capabilities, the script remains largely undetected by antivirus software, with a VirusTotal score of only 2 out of 64. The ultimate purpose of the script is still under investigation, as the bytecode executed does not appear to function correctly.