Education

Linux Immutable Malware Process Binary Attack

Videos
Education
Linux Forensics
January 06, 2025

Processes running with an immutable binary are nearly always malware on Linux. Learn what this attack is, how to automatically detect it, and command line forensics you can use to investigate…

Linux EDR Detecting Processes Running from Temporary Directory Attack

Videos
Education
Linux Forensics
January 02, 2025

Linux temp directories are notorious for hosting malware from low-grade to sophisticated. Learn about this threat in the video below, and how to investigate suspicious processes abusing this…

Linux Process Running with Hidden Binary Name Attack

Videos
Education
Linux Forensics
December 29, 2024

Hidden process binaries on Linux are often malicious. In this video we describe what this attack is, why processes with hidden binaries are usually up to no good, and command line forensics you can…

Linux Process Running from /dev/shm RAM Disk Attack

Videos
Education
Linux Forensics
December 19, 2024

The Linux RAM disk in /dev/shm is a favorite place for malware to hide. The RAM disk is not frequently checked and is volatile so the malware can be sure it leaves not traces on disk if the system…

Deleted Process Binary Attack on Linux

Videos
Education
Linux Forensics
December 19, 2024

Malware on Linux will often delete the on-disk binary to evade detection with traditional anti-virus and file integrity monitoring tools. In this video we will discuss the threat and how to find it…

SSH Excessive Keys Risk - Do You Have Too Many SSH Keys?

Videos
Education
Linux Forensics
December 12, 2024

Do you have too many SSH keys on Linux? Probably. Having too many SSH keys on Linux accounts presents a credential theft and backdoor risk. Besides not knowing who can login with an account that has…