Blog
Hidden Linux Binary Threats for Intruders and Malware
Linux attackers and malware often hide their binary payloads. In this video we'll discuss what this threat is, why it is done, and how to find processes running with hidden binaries using command…
Immutable File Attack Persistence on Linux
Linux allows administrators to mark files immutable. This attribute prevents the file from being modified, renamed or deleted by anyone (even root, until the attribute is cleared again). However, it can also be used by intruders to maintain…
Linux Immutable Malware Process Binary Attack
Processes running with an immutable binary are nearly always malware on Linux. Learn what this attack is, how to automatically detect it, and command line forensics you can use to investigate…
Linux EDR Detecting Processes Running from Temporary Directory Attack
Linux temp directories are notorious for hosting malware, from low-grade to sophisticated. Learn about this threat in the video below, and how to investigate suspicious processes abusing this area…
Linux Process Running with Hidden Binary Name Attack
Hidden process binaries on Linux are often malicious. In this video we describe what this attack is, why processes with hidden binaries are usually up to no good, and command line forensics you can…
Linux Process Running from /dev/shm RAM Disk Attack
The Linux RAM disk in /dev/shm is a favorite place for malware to hide. The RAM disk is not frequently checked and is volatile, so the malware can be sure it leaves no traces on disk if the system…
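The posts above (hidden binary names, immutable process binaries, processes running from temp directories and from the /dev/shm RAM disk) all come down to the same triage question: what does /proc/PID/exe point at, and what does the filesystem say about that file? The script below is an added example written for this page, not the authors' tool or code from any of the posts. The function names and the tag vocabulary ("unlinked", "memfd", "ramdisk", "tmpdir", "hidden", "immutable") are this example's own. It assumes a Linux host with a POSIX sh, readlink, and, for the immutable check, lsattr from e2fsprogs (skipped if absent).

```shell
#!/bin/sh
# Added example: triage /proc for the process-binary tell-tales described
# in the posts above. Not code from those posts; tag names are made up here.

# classify_exe_path EXE
#   EXE is the string `readlink /proc/PID/exe` returns. Prints a space-separated
#   tag list (unlinked, memfd, ramdisk, tmpdir, hidden) or "ok" if none apply.
classify_exe_path() {
    exe=$1
    tags=""
    # The kernel appends " (deleted)" when the binary was unlinked after exec,
    # a common way to hide the payload from casual inspection.
    case "$exe" in
        *" (deleted)") tags="unlinked"; exe=${exe%" (deleted)"} ;;
    esac
    case "$exe" in
        /memfd:*)          tags="${tags:+$tags }memfd" ;;   # fileless, memfd_create()
        /dev/shm/*)        tags="${tags:+$tags }ramdisk" ;;
        /tmp/*|/var/tmp/*) tags="${tags:+$tags }tmpdir" ;;
    esac
    # Hidden binary name: the file name itself starts with a dot.
    case "${exe##*/}" in
        .?*) tags="${tags:+$tags }hidden" ;;
    esac
    printf '%s\n' "${tags:-ok}"
}

# is_immutable FILE -> exit 0 when lsattr shows the 'i' attribute on FILE.
is_immutable() {
    command -v lsattr >/dev/null 2>&1 || return 1
    flags=$(lsattr -d -- "$1" 2>/dev/null | cut -d' ' -f1) || return 1
    case "$flags" in *i*) return 0 ;; esac
    return 1
}

# scan_procs: walk /proc and print "PID EXE TAGS" for every flagged process.
scan_procs() {
    for d in /proc/[0-9]*; do
        pid=${d#/proc/}
        # Kernel threads have no exe link; other users' processes need root.
        exe=$(readlink "$d/exe" 2>/dev/null) || continue
        tags=$(classify_exe_path "$exe")
        if [ "$tags" = ok ]; then tags=""; fi
        path=${exe%" (deleted)"}
        if [ -f "$path" ] && is_immutable "$path"; then
            tags="${tags:+$tags }immutable"
        fi
        if [ -n "$tags" ]; then
            printf '%s %s %s\n' "$pid" "$exe" "$tags"
        fi
    done
    return 0
}

# Run the live scan only when asked: sh triage.sh --scan
case "${1:-}" in --scan) scan_procs ;; esac
```

Run it as root so /proc/PID/exe is readable for every process. Treat the output as a triage list, not a verdict: "unlinked" also fires on a daemon whose binary was replaced by a package upgrade, and a /proc walk from user space cannot see processes a kernel rootkit hides, which is why the posts pair these checks with further command line forensics.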