6 articles
A complete guide to Linux lateral movement — SSH pivoting, ssh-agent hijacking, credential harvesting, port forwarding, and NFS abuse. Includes auditd rules, Sigma, Wazuh, and Sentinel KQL detections.
A complete guide to Linux privilege escalation — SUID abuse, sudo misconfig, cron hijacking, capabilities, and kernel exploits. Includes auditd rules, Sigma, Wazuh, and Sentinel KQL detections.
A practical workflow for the first 10 minutes after a suspected breach — commands with explanations for Linux and Windows triage, red flags, and when to escalate.
Microsoft's Defender team uncovered a clever attacker technique: PHP webshells that stay completely dormant until activated by a secret HTTP cookie. Here's how it works — and how to catch it.
Every major Linux distro ships services you never asked for. From snapd to CUPS to rpcbind — a practical audit guide covering Ubuntu, Debian, RHEL, Rocky, Fedora, and openSUSE.
Qualys TRU disclosed nine confused deputy vulnerabilities in Linux AppArmor — exposing 12.6 million servers to root escalation, KASLR bypass, and container isolation collapse. Technical deep dive and detection guide.