anatomyofreallinuxintrusion_mitmhoneypot-alonso2016
2025-03-03
Anatomy of a Real Linux Intrusion Part I: Running a MiTM SSH honeypot
by Angel Anonso
September 15, 2016
https://blog.angelalonso.es/2016/09/anatomy-of-real-linux-intrusion-part-i.html
| Notes |
|---|
| Linux malware |
| Linux |
| MiTM |
| honeypot |
| SSH |
| trojan |
| rootkit |
| Sebek |
| hooking |
| system call |
| Dublin City University |
| Kippo |
| Raspberry Pi |
| ISP |
| WiFi |
| Raspberry Pi 3 model B |
| honssh - Kippo fork |
| Raspbian |
| router |
| Raspberry Pi 2 |
| firewall |
| NAT |
| port 22 |
| Debian |
| iptables |
| HTTP, NTP, DNS |
| sshd key |
| openssh-server |
| cron |
Linux Persistence: Modular Software
2025-04-17 DFIR CTF persistence linux persistence apache asterisk
Linux Persistence: Web Shells
2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP
Linux Persistence: Rootkits
2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking
Defanging Linux LKM Rootkits With cleanup_module()
2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit