Linux EDR nologin Shell Rename Backdoor Attack Detection and Forensics

  • Published 4 Dec 2024

COMMENTS • 2

  • @kevinpaulus4483 · 1 day ago

    Nice ... but you still need an exploit from which you can run root commands or escalate to root to replace the shell in the shadow passwd file (chsh) and change the non password to something legible (passwd). Do you have alerts of possible RCEs on vulnerable systems ... do you do continuous Nessus-like or Nmap/NSE or ... other types of vulnerability scanning?
    Anyway ... quite an interesting product for an enterprise with a Linux environment.

    • @SandflySecurity · 1 day ago +1

      Our philosophy is that anyone who gets on a Linux box is going to get root. There are many ways it can happen with bugs, misconfigurations, etc. We scan systems on a random basis for signs of attack but are not a vulnerability scanner. We specifically focus on compromise detection and agentless threat hunting. Many systems remain unpatched or open to attack and admins need an automated way to search out and identify hosts that have been compromised. Hope that helps.
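A defender-side check for the scenario the thread describes (a nologin shell path that now holds a real interactive shell, and a "nologin" account whose shadow entry has been given a usable password). This is an added example, not code from the video or from Sandfly; the passwd, shadow and binary contents are constructed sample data, and the functions would be pointed at the real files on a host.

```python
import hashlib

NOLOGIN_NAMES = ("nologin", "false")
INTERACTIVE_SHELLS = ("/bin/bash", "/bin/sh", "/bin/dash", "/bin/zsh", "/bin/ksh")

# Constructed sample data (not from a real system).
PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
svc:x:999:999::/var/lib/svc:/usr/sbin/nologin
"""
SHADOW = """root:$6$saltsalt$rootpwhash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
svc:$6$saltsalt$attackerhash:19700:0:99999:7:::
"""
# Constructed file bytes: the file at /usr/sbin/nologin is a copy of bash.
BINARIES = {
    "/bin/bash": b"ELF-bash-bytes",
    "/bin/sh": b"ELF-dash-bytes",
    "/usr/sbin/nologin": b"ELF-bash-bytes",
}

def parse_colon_file(text):
    """Parse passwd/shadow-style text into {username: [fields]}."""
    return {f[0]: f for f in (l.split(":") for l in text.splitlines() if l.strip())}

def password_usable(hash_field):
    """True when the hash permits password login; '!' or '*' prefixes mean locked."""
    return not hash_field.startswith(("!", "*"))

def find_renamed_nologin(binaries):
    """Map nologin/false paths to the interactive shell whose bytes they match."""
    digests = {p: hashlib.sha256(b).hexdigest() for p, b in binaries.items()}
    shell_by_digest = {digests[p]: p for p in INTERACTIVE_SHELLS if p in digests}
    return {p: shell_by_digest[d] for p, d in digests.items()
            if p.rsplit("/", 1)[-1] in NOLOGIN_NAMES and d in shell_by_digest}

def find_suspicious_accounts(passwd_text, shadow_text, binaries):
    """Return findings: replaced nologin binaries and nologin accounts with live passwords."""
    findings = [f"{p} is byte-identical to {s}"
                for p, s in find_renamed_nologin(binaries).items()]
    shadow = parse_colon_file(shadow_text)
    for name, fields in parse_colon_file(passwd_text).items():
        shell = fields[6]
        if shell.rsplit("/", 1)[-1] not in NOLOGIN_NAMES:
            continue
        if password_usable(shadow.get(name, [name, "!"])[1]):
            findings.append(f"{name}: shell {shell} but password login possible")
    return findings

if __name__ == "__main__":
    print("\n".join(find_suspicious_accounts(PASSWD, SHADOW, BINARIES)))
```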