Hashing Detection
2024-08-05
Hashing detections are done by saving file hashes of known to be malicious files and comparing them with samples to be analyzed. If the file hashes match, this is a match and the sample is malicious.
This is typically done with MD5, SHA256, SHA1, and ssdeep algorithms, but can be done with virtually any hashing algorithm.
Linux Persistence: Modular Software
2025-04-17 DFIR CTF persistence linux persistence apache asterisk
Linux Persistence: Web Shells
2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP
Linux Persistence: Rootkits
2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking
Defanging Linux LKM Rootkits With cleanup_module()
2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit