
Detecting script-based attacks on Linux


In this post, John Booth describes how to detect encoded or obfuscated command lines used by attackers on Linux hosts. As you may already know, “these techniques have the additional benefit of avoiding the need to drop a file to disk, reducing the risk to an attacker of being detected by traditional anti-virus products.”
