Linux Process Running from /dev/shm RAM Disk Attack
The RAM disk (/dev/shm) on Linux systems is frequently abused by malware as a hiding place. Because it is rarely inspected and is volatile, the malware leaves no trace on disk after a reboot. Sandfly's agentless Linux EDR and command line forensics techniques can detect this kind of attack.
2024-12-19 20:08:30 Author: sandflysecurity.com

Sandfly Blog

The Linux RAM disk in /dev/shm is a favorite place for malware to hide. The RAM disk is not frequently checked and is volatile, so the malware can be sure it leaves no traces on disk if the system reboots. In this video we go over this attack, how to find it with Sandfly agentless Linux EDR, and command line forensics you can use to help investigate what may be happening.
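As an added example (not Sandfly's code), the following POSIX shell script performs the kind of command line check the post refers to: it lists processes whose executable link in /proc points into /dev/shm, and processes that have mapped a file from /dev/shm even though their main binary lives elsewhere. The function names and the optional proc-root argument are assumptions made here; by default it inspects the live /proc.

```shell
#!/bin/sh
# Added example, not Sandfly's code: find processes tied to the /dev/shm RAM disk.
# PROC_ROOT (first argument) defaults to /proc; pointing it at a constructed
# directory tree allows offline testing. The second argument overrides the prefix
# so other tmpfs mounts (e.g. /run/shm) can be checked the same way.

# Print "PID<TAB>target" for each process whose /proc/PID/exe link resolves under
# the prefix. readlink without -f keeps the kernel's recorded path, including the
# " (deleted)" suffix left when the binary was removed after it was executed.
find_shm_processes() {
    proc_root="${1:-/proc}"
    shm_prefix="${2:-/dev/shm}"
    for pid_dir in "$proc_root"/[0-9]*; do
        [ -d "$pid_dir" ] || continue
        # Kernel threads have no exe link; other users' processes may deny access.
        exe=$(readlink "$pid_dir/exe" 2>/dev/null) || continue
        case "$exe" in
            "$shm_prefix"/*) printf '%s\t%s\n' "${pid_dir##*/}" "$exe" ;;
        esac
    done
}

# Print "PID<TAB>path" for each distinct file under the prefix that a process has
# mapped (for example a library loaded from the RAM disk), even when the main
# executable lives elsewhere. The path is the sixth field of a maps line.
find_shm_mappings() {
    proc_root="${1:-/proc}"
    shm_prefix="${2:-/dev/shm}"
    for pid_dir in "$proc_root"/[0-9]*; do
        [ -r "$pid_dir/maps" ] || continue
        awk -v pid="${pid_dir##*/}" -v prefix="$shm_prefix/" \
            'index($6, prefix) == 1 && !seen[$6]++ { printf "%s\t%s\n", pid, $6 }' \
            "$pid_dir/maps" 2>/dev/null || continue
    done
}

# Number of processes executing from the prefix, for use in alerting thresholds.
count_shm_processes() {
    find_shm_processes "$@" | wc -l | tr -d ' '
}

# Report on the live system.
find_shm_processes
find_shm_mappings
```

Any line printed is worth a closer look: compare the PID against `ps`, capture `/proc/PID/cmdline` and `/proc/PID/environ`, and copy the binary out of /dev/shm before a reboot erases it.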

Sandfly is able to find this and many other types of Linux attacks without deploying any endpoint agents. Get your free license today or contact us for more information.



Source: https://sandflysecurity.com/blog/linux-process-running-from-dev-shm-ram-disk-attack