known_hosts
0001-01-01
The known_hosts file stores a list of SSH hosts and their public keys connected to by an OpenSSH client.
This is used to verify that the endpoints are who they say they are. If the stored data on disk differs from what a remote server of the same hostname/IP address is saying, a large warning banner is displayed, warning the client that the keys differ. This is intended to prevent man in the middle or impersonation attacks.
Linux Persistence: Modular Software
2025-04-17 DFIR CTF persistence linux persistence apache asterisk
Linux Persistence: Web Shells
2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP
Linux Persistence: Rootkits
2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking
Defanging Linux LKM Rootkits With cleanup_module()
2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit