Home

Detecting script-based attacks on Linux

Community Manager

Last month, we announced the extension of Azure Security Center’s detection for Linux. This post aims to demonstrate how existing Windows detections often have Linux analogs. A specific example of this is the encoding or obfuscation of command-lines.

 

Some of the reasons an attacker might wish to encode their commands include minimizing quoting/escaping issues when encapsulating commands in scripts and a basic means of hiding from host-based intrusion detection. These techniques have the additional benefit of avoiding the need to drop a file to disk, reducing the risk to an attacker of being detected by traditional anti-virus products.

 

1db8120f-c115-40b8-ab62-ea892020018b.png

 

Read about it in the Azure blog.

Related Conversations
Edge on Linux
InYourHead in Discussions on
29 Replies
WLinux – The best WSL for Windows 10
Thomas Maurer in Windows 10 on
2 Replies
Intune Scripting
jesusleon in Microsoft Intune on
2 Replies