Nirsoft false positives
0001-01-01
Nirsoft software, while generally used for legitimate/benign purposes is somtimes abused by threat actors or used in conjunction with malware.
As such, many antivirus vendors mark these tools a malicious, which leads to many false positive results.
https://www.nirsoft.net/false_positive_report.html
Linux Persistence: Modular Software
2025-04-17 DFIR CTF persistence linux persistence apache asterisk
Linux Persistence: Web Shells
2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP
Linux Persistence: Rootkits
2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking
Defanging Linux LKM Rootkits With cleanup_module()
2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit