Below you will find pages that utilize the taxonomy term “Linux Security”
QLNX and Watching the Surroundings: Behavioral Detection for Linux
You cannot detect a malware sample that deletes itself from disk before your EDR blinks. That is the honest starting point for any discussion of QLNX.
Trend Micro’s TrendAI Research team discovered Quasar Linux – QLNX – a previously undocumented Linux remote access trojan with near-zero initial detection rates. It executes entirely from memory via memfd_create and execveat, wipes its own binary …
Detecting Dirty Frag: Linux Privilege Escalation Detection Engineering
Dirty Frag is one of those Linux privilege escalation vulnerabilities that reminds defenders why behavioral detection matters.
Public proof-of-concept (PoC) exploits appeared quickly after disclosure. Most defenders initially focused on detecting known exploit filenames or hashes. That works for copy-paste attacks, but it fails the moment an attacker recompiles the exploit or renames the binary. …