Tagged articles
51 articles
Black & White Path
May 8, 2026 · Information Security

How Ukrainian Cyber Warriors Use Zapper to Hide Malicious Linux Processes

Zapper, a Linux process‑hiding tool created by Hacker’s Choice, runs without root, manipulates the ELF auxiliary vector via ptrace, hides command‑line arguments, environment variables and child processes with negligible overhead, and has been observed in real Ukrainian cyber‑war operations, prompting specific defensive recommendations.

Tags: ELF auxiliary vector · Linux security · Zapper

AI Explorer
Apr 30, 2026 · Industry Insights

AI Tech Daily: Key AI Industry Highlights for April 30 2026

The AI Tech Daily roundup highlights Microsoft's 123% AI revenue surge, groundbreaking GPT‑5.5 restrictions, DeepSeek's multimodal launch, Ant Group's zkDTVM benchmark record, a 23‑year‑old Linux kernel bug, Stripe's 288 AI‑focused features, and emerging trends in LLM agent orchestration and AI adoption metrics.

Tags: AI revenue · DeepSeek · GPT-5.5

MaGe Linux Operations
Apr 17, 2026 · Information Security

Master Linux Privilege Escalation: Risks, Exploits, and Hardening Guide

This comprehensive guide explains the most common Linux privilege‑escalation vectors—including unsafe SUID binaries, sudo misconfigurations, cron jobs, password and SSH‑key leaks, kernel vulnerabilities, container escapes, and file‑permission flaws—while providing concrete detection commands and practical hardening steps for each risk.

Tags: Bash · Hardening · Linux security

MaGe Linux Operations
Mar 4, 2026 · Information Security

Master Linux Intrusion Detection & Incident Response: A Practical Hands‑On Guide

This comprehensive guide walks you through building a layered Linux intrusion detection system, configuring host‑based tools such as AIDE, rkhunter, and auditd, automating security audits, performing forensic investigations, and executing a six‑step incident response workflow to detect, contain, and remediate attacks effectively.

Tags: AIDE · Auditd · Forensics

Xiao Liu Lab
Feb 12, 2026 · Information Security

When fail2ban Became a Monero Miner: Detection, Removal, and Prevention

A temporary test server on Tianyi Cloud was compromised by a malicious XMRig miner masquerading as fail2ban, causing CPU usage to skyrocket; the article details how the intrusion was discovered, the forensic steps taken, and a comprehensive remediation and hardening guide to prevent similar attacks.

Tags: CPU Spike · Fail2ban · Linux security

Raymond Ops
Sep 28, 2025 · Information Security

How to Detect and Remove Hidden Linux Mining Malware – A Step‑by‑Step Guide

This guide explains how to identify the symptoms of a hidden cryptocurrency‑mining virus on a Linux server, locate and terminate the concealed processes, disable the malicious startup service, block suspicious IPs, and secure the system using tools such as sysdig, Safedog, and ClamAV.

Tags: ClamAV · Linux security · Safedog

Ops Community
Sep 18, 2025 · Information Security

Essential Linux Security: Common Vulnerabilities and Practical Defense Strategies

This guide walks you through the most critical Linux security flaws—from privilege‑escalation and misconfigured sudo to SSH, web server, kernel, and container risks—offering concrete hardening steps, logging practices, firewall rules, incident‑response procedures, and compliance tips to build a resilient production environment.

Tags: Container Security · Linux security · Log Monitoring

Ops Community
Sep 2, 2025 · Information Security

Mastering SELinux in Production: A Complete Security Configuration Guide

This comprehensive guide walks you through SELinux fundamentals, core concepts, mode differences, security contexts, real‑world configuration examples for web and database services, boolean management, troubleshooting techniques, performance tuning, and enterprise‑grade best practices to turn SELinux into a reliable production‑level security guardian.

Tags: Linux security · SELinux · System Hardening

MaGe Linux Operations
Aug 24, 2025 · Information Security

Building a Complete Linux Enterprise Security System: From IDS to Incident Response

This article walks through constructing a comprehensive Linux enterprise security framework, covering layered network protection, firewall and host hardening, IDS deployment with OSSEC, traffic analysis using Suricata, centralized monitoring via ELK, automated incident response scripts, continuous improvement practices, performance tuning, and real‑world lessons from a large‑scale breach.

Tags: IDS · Linux security

Ops Community
Aug 23, 2025 · Information Security

Top 10 Linux Security Threats in 2025 Every Ops Engineer Must Know

This 2025 Linux security threat report breaks down the ten most critical risks—ranging from supply‑chain poisoning to AI‑driven APT attacks—offering real‑world case studies and actionable, step‑by‑step mitigation strategies for Linux operations teams.

Tags: Container Security · Linux security · Operations

Liangxu Linux
Jul 21, 2025 · Information Security

Stop SSH Brute‑Force Attacks: 4 Hardening Techniques with Fail2ban and Key Authentication

This guide explains four practical ways to protect a Linux server from SSH brute‑force attacks—using complex passwords, changing the default port, disabling direct root login, and enabling public‑key authentication—plus detailed steps to install and configure Fail2ban for automatic IP blocking.

Tags: Brute-force protection · Linux security · Public Key Authentication

Linux Kernel Journey
Oct 31, 2024 · Information Security

A New Perspective on eBPF Security: Auditing Complex Attack Techniques

This article demonstrates how to use eBPF to audit fileless command‑execution attacks and reverse‑shell techniques by tracing memfd_create, Kprobe/LSM hooks, dup2 redirections, and related kernel functions, providing concrete code examples and analysis of the detection logic.

Tags: Kprobe · LSM · Linux security

Linux Code Review Hub
Oct 29, 2024 · Information Security

How to Audit and Intercept File Read/Write Operations Using eBPF

This guide explains how to leverage eBPF’s Kprobe, Tracepoint, and LSM features to audit file read/write activity, extract process and file details, and optionally block operations using helpers like bpf_send_signal or bpf_override_return, with complete code examples and configuration steps.

Tags: File Auditing · Kprobe · LSM

Java Tech Enthusiast
Oct 22, 2024 · Information Security

How to Harden Ubuntu 20.04 Server: SSH, Users, Keys, and Firewall

This guide walks through securing an Ubuntu 20.04 server by updating packages, changing the default SSH port, enforcing strong passwords, creating a non‑root user with sudo, disabling root login, enabling RSA key authentication, configuring the UFW firewall, and blocking ping requests.

Tags: Linux security · RSA keys · SSH Hardening

Liangxu Linux
May 14, 2023 · Information Security

Why SELinux Matters: How It Works and When (Not) to Disable It

This guide explains what SELinux is, how its mandatory access control policies enforce security, the risks of disabling it, and provides step‑by‑step instructions for turning it off on CentOS while suggesting the permissive mode as a safer alternative.

Tags: CentOS · Linux security · SELinux

MaGe Linux Operations
Aug 5, 2022 · Information Security

Secure Your Linux Server: 8 Essential SSH Hardening Steps

Learn how to protect your Linux server by disabling root SSH login, changing the default port, enforcing strong passwords, limiting login attempts, using SSH protocol 2, disabling forwarding, employing key‑based authentication, and restricting access by IP, with clear commands and configuration examples.

Tags: Linux security · SSH · Server Hardening

Open Source Linux
Jul 27, 2022 · Information Security

How to Harden SSH on Linux: 8 Essential Security Steps

This guide explains why the default SSH configuration on Linux is risky and provides eight concrete hardening measures—including disabling root login, changing the default port, enforcing key‑based authentication, limiting login attempts, and restricting access by IP—to secure your server against common attacks.

Tags: Linux security · Server Hardening · access control

Open Source Linux
Feb 9, 2022 · Information Security

How to Safely Disable SELinux on CentOS: Step‑by‑Step Guide

This guide explains why and how to disable SELinux on CentOS, covering status checks, temporary and permanent disabling methods, necessary configuration file edits, and verification steps to ensure the system runs without SELinux enforcement.

Tags: CentOS · Disable SELinux · Linux security

21CTO
Feb 4, 2022 · Information Security

5 Essential SSH Best Practices to Harden Your Linux Server

This guide outlines five practical SSH security measures—including two‑factor authentication, changing default settings, certificate‑based login, bastion host deployment, and firewall configuration—to significantly improve the baseline protection of Linux servers.

Tags: Bastion Host · Linux security · SSH

MaGe Linux Operations
Dec 12, 2021 · Information Security

How to Stop Brute‑Force SSH Attacks on Your Raspberry Pi

This article explains how a Raspberry Pi exposed to the Internet was repeatedly attacked via SSH, how the author identified the brute‑force attempts in /var/log/auth.log, and step‑by‑step methods using hosts.allow/deny and ufw to whitelist trusted IPs and block malicious traffic.

Tags: Brute-force protection · Linux security · Raspberry Pi

OPPO Kernel Craftsman
Oct 29, 2021 · Information Security

Linux Security Module (LSM) Fundamentals and Implementation

The article explains the Linux Security Module (LSM) framework, detailing its origins, hook‑based architecture, kernel integration points, initialization process, and how it enables flexible, non‑intrusive security enhancements such as SELinux, allowing multiple security modules to coexist within the Linux kernel.

Tags: AppArmor · Kernel Security · LSM

MaGe Linux Operations
Jun 24, 2021 · Information Security

Inside a Crypto Mining Botnet: Step-by-Step Server Compromise Analysis

This article walks through a real-world server breach where attackers hijacked SSH access, deployed malicious scripts, leveraged Redis vulnerabilities, and turned the machine into a high‑speed crypto‑mining botnet, while offering detailed forensic clues and remediation advice.

Tags: Linux security · crypto mining · gpg-agentd

MaGe Linux Operations
May 15, 2021 · Information Security

Microsoft Extends Defender TVM to Linux and macOS for Cross‑Platform Security

Microsoft has expanded its Threat and Vulnerability Management (TVM) feature of Defender for Endpoint to Linux and macOS, offering public preview support for major distributions and promising future Android and iOS coverage, thereby enhancing cross‑platform security visibility and remediation capabilities for enterprises.

Tags: Endpoint Protection · Linux security · Microsoft Defender

Aikesheng Open Source Community
Jan 8, 2021 · Information Security

Configuring SELinux for MySQL: Managing Access Controls and Directory Contexts

This article explains how SELinux enforces mandatory access control on Linux, describes its three modes, shows how to view and modify SELinux contexts for MySQL processes and data directories, and provides step‑by‑step commands to add custom paths, logs, PID files, and ports while preserving system security.

Tags: Database Administration · Linux security · SELinux

ITPUB
Dec 4, 2020 · Information Security

Inside the gpg-agentd Malware that Hijacked an Alibaba Cloud Server

A detailed forensic walk‑through reveals how a disguised gpg-agentd binary compromised a CentOS server on Alibaba Cloud, using SSH key injection, malicious cron jobs, Redis abuse, and masscan scanning to spread and mine cryptocurrency.

Tags: Linux security · cron abuse · gpg-agentd

21CTO
Nov 19, 2020 · Information Security

How to Exploit and Patch Ubuntu’s Silent Sudo User Vulnerability

This article explains a critical Ubuntu flaw that lets a standard user create a new sudo account and gain root privileges without a system password, details the step‑by‑step exploitation process, and outlines the official patches released to fix the issue.

Tags: CVE · Exploit · Linux security

ITPUB
Nov 18, 2020 · Information Security

Create a New sudo User and Gain Root on Ubuntu Without a Password – Full Exploit Guide

This article explains a critical Ubuntu vulnerability that lets a standard user create a new sudo account and obtain root privileges without a system password, detailing the exploitation steps, required commands, and the underlying flaw in accounts‑daemon and GNOME Display Manager, plus mitigation advice.

Tags: Linux security · Sudo · Ubuntu

Liangxu Linux
Nov 16, 2020 · Information Security

How to Exploit and Patch Ubuntu’s Accounts‑Daemon & GDM3 Privilege Escalation

Security researcher Kevin Backhouse revealed a local‑privilege‑escalation flaw in Ubuntu desktop that lets a standard user create a sudo‑enabled account without a password by abusing a .pam_environment symlink, crashing accounts‑daemon, and forcing GNOME’s initial‑setup wizard, with patches now available.

Tags: Linux security · Ubuntu · accounts-daemon

Liangxu Linux
Sep 22, 2020 · Information Security

How to Block Frequent Malicious IPs from Accessing Nginx with iptables

This guide shows how to install Nginx on a RedHat 6.5 system, simulate rapid requests from a malicious IP using ApacheBench, examine the access logs, and then block that IP permanently with an iptables rule or Nginx configuration, verifying the block with curl.

Tags: IP blocking · Linux security · Nginx

58 Tech
Sep 4, 2020 · Information Security

Understanding ASLR and Buffer Overflow Exploits on Linux

This article explains the concept of Address Space Layout Randomization (ASLR), illustrates how buffer overflow attacks work on Linux, shows step‑by‑step exploitation with disabled ASLR, analyzes memory layout calculations, and discusses the impact of PIE and modern mitigation techniques.

Tags: ASLR · Exploit · Linux security

Efficient Ops
May 31, 2020 · Information Security

Detecting and Eradicating Hidden Linux Mining Malware via Crontab and LD_PRELOAD

This article walks through a real‑world Linux mining malware incident, detailing how the attacker used a malicious crontab entry and LD_PRELOAD to hide processes, the forensic steps to uncover the payload, and practical remediation and hardening measures to prevent future compromises.

Tags: Cryptocurrency Mining · LD_PRELOAD · Linux security

ITPUB
Oct 17, 2019 · Information Security

Understanding the Sudo CVE‑2019‑14287 Vulnerability and How to Mitigate It

The article explains the CVE‑2019‑14287 sudo bug that lets attackers bypass root restrictions by using special user IDs, assesses its severity and real‑world impact, and provides concrete steps—including patch installation and sudoers configuration checks—to protect Linux systems.

Tags: CVE-2019-14287 · Linux security · Sudo

ITPUB
Jun 17, 2019 · Information Security

How a Hidden gpg‑agentd Malware Hijacked a CentOS Server and Spread via Redis

A detailed forensic walk‑through shows how a compromised CentOS 6 server was infected by a disguised gpg‑agentd binary, how the attacker used cron jobs to pull malicious scripts, leveraged Redis write‑file vulnerabilities and masscan to scan the Internet, and provides concrete hardening recommendations.

Tags: Linux security · cron persistence · gpg-agentd

DevOps
Nov 1, 2018 · Information Security

Docker Security Features: Capabilities, Image Signing, AppArmor, Seccomp, User Namespaces and More

This article explains Docker's built‑in security mechanisms—including Linux kernel capabilities, image signing, AppArmor MAC, Seccomp syscall filtering, user namespaces, SELinux, PID limits and additional kernel hardening tools—provides configuration examples, command‑line demonstrations, and guidance on using them safely.

Tags: AppArmor · Container Security · Image Signing

MaGe Linux Operations
Mar 4, 2018 · Information Security

Hardening OpenSSH: Essential Steps to Secure Your SSH Server

This guide walks you through securing OpenSSH on Linux/Unix systems by configuring key‑based authentication, disabling root and password logins, restricting users, tightening firewall rules, applying rate limits, and using additional tools to protect against brute‑force attacks, all with concrete command examples.

Tags: Linux security · OpenSSH · Public Key Authentication

dbaplus Community
Sep 21, 2017 · Information Security

How I Detected and Fixed a Shellshock Attack on a Linux Server

After a sudden server crash, the author traced a ransomware note, uncovered a Bash Shellshock exploit through log analysis and crafted GET requests, verified the vulnerability, upgraded Bash, and applied post‑compromise hardening steps to fully recover the system.

Tags: Bash vulnerability · Linux security · Server Hardening

Practical DevOps Architecture
Sep 6, 2017 · Information Security

Configuring SELinux and iptables on Red Hat/CentOS Systems

This guide explains how to permanently disable SELinux, temporarily change its mode, and provides a comprehensive tutorial on using iptables—including table concepts, basic commands, rule management, scripting, NAT configuration, and saving/restoring firewall rules—on Red Hat/CentOS Linux.

Tags: CentOS · Linux security · SELinux

MaGe Linux Operations
Jul 20, 2017 · Information Security

Essential Linux Security Hardening: From Account Safety to Rootkit Detection

This guide outlines comprehensive Linux security practices for administrators, covering account and login protection, service minimization, password and key authentication, sudo usage, system welcome message hardening, remote access safeguards, filesystem permissions, rootkit detection tools, and step‑by‑step response procedures after a server compromise.

Tags: Linux security · Rootkit Detection · incident response

Efficient Ops
May 11, 2017 · Information Security

Mastering Linux Security: Real‑World Attack Vectors and Defense Strategies

This article shares practical insights from a security director at YY Live, detailing the complex Linux security landscape, common vulnerabilities, real‑world attack techniques such as Redis abuse and privilege escalation, and a multi‑layered defense approach that balances rapid business iteration with robust protection.

Tags: DDoS mitigation · Linux security · Vulnerability Management

ITPUB
Nov 1, 2016 · Information Security

How Linux Buffer Overflows Work and How to Defend Against Them

This article explains the mechanics of Linux buffer‑overflow attacks with concrete C and assembly examples, shows how to craft and execute shellcode, and demonstrates practical mitigation techniques such as using Libsafe with LD_PRELOAD to protect vulnerable programs.

Tags: LD_PRELOAD · Libsafe · Linux security

MaGe Linux Operations
Sep 5, 2016 · Information Security

Secure Your Nginx on Linux: SELinux, Sysctl Tweaks, Module Stripping & Firewall

This guide walks through hardening an Nginx web server on Linux by configuring default files, testing and reloading, enabling SELinux, mounting least‑privilege partitions, applying sysctl security parameters, removing unnecessary modules, and deploying an iptables‑based firewall with detailed command examples.

Tags: Hardening · Linux security · SELinux

ITPUB
Jul 9, 2016 · Information Security

How to Harden SSHD Against Brute‑Force Attacks with Fail2Ban

This tutorial walks through the practical steps to protect an SSH daemon from brute‑force attacks by enforcing strong passwords, changing the default port, disabling root logins, and configuring Fail2Ban to automatically ban malicious IPs, complete with command‑line examples and configuration details.

Tags: Brute-force protection · Fail2ban · Linux security

ITPUB
Mar 23, 2016 · Information Security

How Malicious ELF Files Evade IDA Pro and What You Can Do About It

The article reveals a novel ELF‑binary manipulation technique that prevents IDA Pro from loading malicious Linux samples, demonstrates reconstruction steps with hex editors, compares other disassemblers, and provides YARA rules and a GitHub script for detection and remediation.

Tags: ELF · IDA Pro · Linux security