Blog
Linux Process Running from /dev/shm RAM Disk Attack
The Linux RAM disk in /dev/shm is a favorite place for malware to hide. The RAM disk is not frequently checked and is volatile so the malware can be sure it leaves not traces on disk if the system…
Deleted Process Binary Attack on Linux
Malware on Linux will often delete the on-disk binary to evade detection with traditional anti-virus and file integrity monitoring tools. In this video we will discuss the threat and how to find it…
SSH Excessive Keys Risk - Do You Have Too Many SSH Keys?
Do you have too many SSH keys on Linux? Probably. Having too many SSH keys on Linux accounts presents a credential theft and backdoor risk. Besides not knowing who can login with an account that has…
SSH Authorized Keys2 Backdoor Attack
SSH has a little known way to leave behind backdoor keys, and that is by using the deprecated authorized_keys2 file. Many Linux users are unaware of this feature and what risks it poses. In this…
Risky Business Snake Oilers Interview with Sandfly Security
Join us for an interview on the Risky Business Snake Oilers segment where we talk about agentless Linux security and Sandfly. We cover the problem of Linux security monitoring with traditional EDR…
Default User SSH Authorized Key Risks on Linux
Default Linux users with SSH authorized keys are a way for attackers to hide backdoor accounts that can avoid detection for some time. In this video we discuss and demonstrate the threat, why it's…