Black & White Path

Apr 3, 2026 · Information Security

Can You Trust ps, netstat, and ss on a Compromised Linux Host? Meet LinIR

The article examines why traditional Linux commands like ps, netstat, and ss cannot be trusted on a potentially root‑kit‑infected system, introduces the LinIR tool that collects forensic data without relying on the host's user‑space toolchain, and compares it against manual scripts, other automation tools, and commercial EDR solutions.