Tagged articles
2 articles
Black & White Path
Apr 3, 2026 · Information Security

Can You Trust ps, netstat, and ss on a Compromised Linux Host? Meet LinIR

The article examines why traditional Linux commands like ps, netstat, and ss cannot be trusted on a potentially rootkit-infected system, introduces the LinIR tool that collects forensic data without relying on the host's user-space toolchain, and compares it against manual scripts, other automation tools, and commercial EDR solutions.

Go · LinIR · Linux incident response
14 min read
Efficient Ops
Nov 25, 2024 · Information Security

Uncovering the gpg-agentd Malware: How an Alibaba Cloud Server Was Compromised

This article walks through a real-world intrusion on an Alibaba Cloud CentOS server, detailing how a disguised gpg-agentd process was used to install backdoors, hijack SSH keys, exploit Redis, and launch mass scanning, and provides concrete hardening recommendations to prevent similar attacks.

Linux incident response · SSH Hardening · Server Security
13 min read