dd
Convert and copy files or block devices. Used for disk imaging, raw data exfiltration, and overwriting disk regions.
Binary Paths
/bin/dd, /usr/bin/dd
Glob Patterns
| Pattern | Notes |
|---|---|
| `d?` | Single wildcard. Very short command name; may match df/du/dh depending on PATH (use full path to avoid ambiguity) |
| `/bin/d?` | Full path with wildcard on last char; more specific than bare `d?` |
| `/???/d?` | Both path component and command name obfuscated with `?` |
| `$(ls /bin/dd)` | Command substitution via ls: obfuscates the path; dd is too short to use `?` glob uniquely |
| `$'\x64\x64'` | ANSI-C hex escapes expand to 'dd' |
YARA Rule
Auto-generated detection rule for dd