Blog
Obsolete Linux Password Hash Threats
Obsolete password hashes on Linux are a threat to user credentials and an aid to lateral movement. An old or weak password hash generally means that the user's password is easily brute-forced if stolen…
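As an added example (not part of the original post), the script below classifies the hash scheme of each /etc/shadow entry by its crypt(5) prefix so that obsolete schemes stand out: no `$id$` prefix is traditional DES, `$1$` is MD5, `$2*$` is bcrypt, `$5$` is SHA-256, `$6$` is SHA-512 and `$y$` is yescrypt. The shadow lines embedded in it are constructed samples with made-up hash strings; the labels (`md5-OBSOLETE`, `empty-NOPASSWORD`, and so on) are this example's own naming.

```shell
#!/bin/sh
# Added example: flag obsolete or missing password hashes in shadow-format data.
# Scheme ids follow crypt(5). Run with --live to read the real /etc/shadow (needs root).

# Constructed sample shadow lines; the hash strings are placeholders, not real hashes.
SAMPLE_SHADOW='root:$6$saltsalt$hashhashhashhash:19000:0:99999:7:::
legacy:$1$abcdefgh$ijklmnopqrstuvwxyz:19000:0:99999:7:::
ancient:abJnggxhB/yWI:19000:0:99999:7:::
modern:$y$j9T$saltsaltsaltsalt$hashhash:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
nopass::19000:0:99999:7:::'

# hash_scheme HASHFIELD -> prints a label for the scheme used by one shadow hash field.
hash_scheme() {
    case "$1" in
        '')          echo "empty-NOPASSWORD" ;;   # empty field: no password required
        '!'*|'*'*)   echo "locked" ;;             # account locked / no usable hash
        '$y$'*)      echo "yescrypt" ;;
        '$6$'*)      echo "sha512" ;;
        '$5$'*)      echo "sha256" ;;
        '$2'*'$'*)   echo "bcrypt" ;;
        '$1$'*)      echo "md5-OBSOLETE" ;;
        '$'*)        echo "unknown" ;;
        *)           echo "des-OBSOLETE" ;;       # traditional 13-char crypt(3), no prefix
    esac
}

# report_weak_hashes: reads shadow-format lines on stdin, prints "user scheme"
# for every entry whose hash is obsolete or missing.
report_weak_hashes() {
    while IFS=: read -r user hash _rest; do
        scheme=$(hash_scheme "$hash")
        case "$scheme" in
            *OBSOLETE|empty*) printf '%s %s\n' "$user" "$scheme" ;;
        esac
    done
}

# count_weak: number of weak entries in the constructed sample (used as a self-check).
count_weak() {
    printf '%s\n' "$SAMPLE_SHADOW" | report_weak_hashes | wc -l | tr -d ' '
}

if [ "${1:-}" = "--live" ]; then
    report_weak_hashes < /etc/shadow
elif [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_SHADOW" | report_weak_hashes
fi
```

Against the constructed sample, `--demo` reports `legacy` (MD5), `ancient` (DES) and `nopass` (empty field); `--live` runs the same logic over the real shadow file. A locked entry (`!` or `*`) is deliberately not reported, since there is nothing to crack.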
Hidden Linux Binary Threats for Intruders and Malware
Linux attackers and malware often hide their binary payloads. In this video we'll discuss what this threat is, why it is done, and how to find processes running with hidden binaries using command…
Immutable File Attack Persistence on Linux
Linux allows administrators to mark files as immutable. This attribute prevents the files from being modified or deleted by anyone (even root) until the attribute is removed. However, it can also be used by intruders to maintain…
Linux Immutable Malware Process Binary Attack
On Linux, a process running from an immutable binary is nearly always malware. Learn what this attack is, how to automatically detect it, and command line forensics you can use to investigate…
Linux EDR Detecting Processes Running from Temporary Directory Attack
Linux temporary directories are notorious for hosting malware, from low-grade to sophisticated. Learn about this threat in the video below, and how to investigate suspicious processes abusing this…
Linux Process Running with Hidden Binary Name Attack
Hidden process binaries on Linux are often malicious. In this video we describe what this attack is, why processes with hidden binaries are usually up to no good, and command line forensics you can…
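The hidden-binary, immutable-binary and temp-directory posts above all come down to the same triage: resolve each running process's executable and check where it lives and what attributes it carries. The script below is an added example (not code from the original posts) that does this with only `readlink` on `/proc/PID/exe` and `lsattr -d`. Its assumptions are its own: a binary counts as hidden if any path component starts with a dot or if the link target carries the kernel's ` (deleted)` suffix (the file was unlinked after exec), and `/tmp`, `/var/tmp` and `/dev/shm` are the temp directories it watches. The sample paths and `lsattr` lines used for the self-check are constructed.

```shell
#!/bin/sh
# Added example: triage running process binaries for the three signals discussed
# above (hidden path, temp directory, immutable attribute). Run with --scan to
# walk /proc on a live host; root is needed to read every process's exe link.

# exe_is_hidden PATH -> success if a path component is dot-prefixed or the
# binary was deleted after execution (readlink on /proc/PID/exe appends " (deleted)").
exe_is_hidden() {
    case "$1" in
        *' (deleted)') return 0 ;;
        */.*)          return 0 ;;
    esac
    return 1
}

# exe_in_temp_dir PATH -> success if the binary lives under a world-writable temp dir.
# The directory list is this example's assumption; extend it for your hosts.
exe_in_temp_dir() {
    case "$1" in
        /tmp/*|/var/tmp/*|/dev/shm/*) return 0 ;;
    esac
    return 1
}

# lsattr_is_immutable LSATTR_LINE -> success if the attribute column of one
# "lsattr -d" output line (e.g. "----i---------e------- /path") contains 'i'.
# Only lower-case 'i' is immutable; upper-case 'I' (htree index) is unrelated.
lsattr_is_immutable() {
    flags=${1%% *}
    case "$flags" in
        *i*) return 0 ;;
    esac
    return 1
}

# triage_exe PATH [LSATTR_LINE] -> prints a comma-separated list of findings,
# or an empty line when the binary looks ordinary.
triage_exe() {
    path=$1
    attrs=${2:-}
    findings=""
    if exe_is_hidden "$path"; then findings="${findings}hidden,"; fi
    if exe_in_temp_dir "$path"; then findings="${findings}tempdir,"; fi
    if [ -n "$attrs" ] && lsattr_is_immutable "$attrs"; then
        findings="${findings}immutable,"
    fi
    printf '%s\n' "${findings%,}"
}

# scan_running_processes: one tab-separated line (PID, findings, exe) per
# process that triggers at least one signal. Deleted binaries have no file
# left to query, so lsattr is skipped for them.
scan_running_processes() {
    for pdir in /proc/[0-9]*; do
        pid=${pdir#/proc/}
        exe=$(readlink "$pdir/exe" 2>/dev/null) || continue
        [ -n "$exe" ] || continue
        attrs=""
        case "$exe" in
            *' (deleted)') ;;
            *) attrs=$(lsattr -d -- "$exe" 2>/dev/null) || attrs="" ;;
        esac
        result=$(triage_exe "$exe" "$attrs")
        if [ -n "$result" ]; then
            printf '%s\t%s\t%s\n' "$pid" "$result" "$exe"
        fi
    done
}

if [ "${1:-}" = "--scan" ]; then
    scan_running_processes
fi
```

Each hit from `--scan` is a lead, not a verdict: follow up with `ls -la /proc/PID/`, `cat /proc/PID/cmdline`, and the file's ownership and timestamps. A benign `(deleted)` binary does occur right after a package upgrade, so correlate with recent package activity before acting on that signal alone.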