Default Linux users with SSH authorized keys are a way for attackers to hide backdoor accounts that can avoid detection for some time. In this video we discuss and demonstrate the threat, why it's used, and how to find it with command line tools and automatic discovery with Sandfly, the agentless Linux EDR platform.

Sandfly is able to find this and many other types of Linux attacks without deploying any endpoint agents. Get your free license today or contact us for more information.