The best detection method for finding Linux intruders is hunting for tactics they use, not binary signatures of their tools. #DFIR
When new exploit tools drop, I recommend you basically ignore the exploit itself. They go stale quickly. Instead, focus on making the actor's operation tactics visible. Tools can be changed quickly, but operational tactics being disrupted causes major hassles.
Same for most other types of Linux malware. Example: Polymorphic malware can make each copy brand new and hard to spot with file scanning. Better to focus on what it is trying to do instead and spot that. Now each new version is visible until tactics are forced to change.
Hunting for tactics of Linux malware and intruders produces results over and over again even when brand new malware emerges. It's amazing how well it can spot trouble without a hamster wheel of constant updates. #DFIR
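An added example of what tactic-based hunting looks like in practice (this is illustrative code, not from the thread or from its author, and the three tactics it checks are my own choices, not ones the thread names): rather than matching file hashes, it reads Linux process metadata from /proc and flags behaviour that implants of any version tend to share, such as an executable that has been deleted from disk while still running, an executable that lives in a scratch directory like /tmp or /dev/shm, or a process image backed by an anonymous memfd. The `ProcInfo` records, the `hunt` function and the constructed sample processes are all assumptions for the example; `read_live_procs` shows how the same checks run against a real host.

```python
"""Tactic-based hunt over Linux process metadata (added example, not from the thread)."""
import os
from dataclasses import dataclass

# Directories that are world-writable or memory-backed; legitimate daemons rarely
# execute from here, but droppers and staged payloads commonly do (assumed list).
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/run/user/")
DELETED_SUFFIX = " (deleted)"


@dataclass
class ProcInfo:
    """Minimal view of one process: pid, resolved /proc/<pid>/exe, and argv[0]."""
    pid: int
    exe: str      # os.readlink('/proc/<pid>/exe') result, may carry ' (deleted)'
    argv0: str    # first NUL-separated field of /proc/<pid>/cmdline


def exe_path(p: ProcInfo) -> str:
    """Strip the ' (deleted)' marker the kernel appends when the file is gone."""
    return p.exe[:-len(DELETED_SUFFIX)] if p.exe.endswith(DELETED_SUFFIX) else p.exe


def exe_deleted(p: ProcInfo) -> bool:
    """Binary unlinked after exec: a classic way to survive file scanning."""
    return p.exe.endswith(DELETED_SUFFIX)


def exe_in_scratch_dir(p: ProcInfo) -> bool:
    """Running from a temp/shared-memory path rather than an installed location."""
    return exe_path(p).startswith(SCRATCH_DIRS)


def exe_is_memfd(p: ProcInfo) -> bool:
    """Fileless execution: image created with memfd_create shows as /memfd:<name>."""
    return exe_path(p).startswith("/memfd:")


CHECKS = (
    ("exe-deleted", exe_deleted),
    ("exe-in-scratch-dir", exe_in_scratch_dir),
    ("memfd-exe", exe_is_memfd),
)


def hunt(procs):
    """Return {pid: [tactic, ...]} for every process that trips at least one check."""
    findings = {}
    for p in procs:
        hits = [name for name, check in CHECKS if check(p)]
        if hits:
            findings[p.pid] = hits
    return findings


def read_live_procs():
    """Collect ProcInfo for every process readable under /proc (needs root for all)."""
    procs = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            exe = os.readlink(f"/proc/{pid}/exe")  # kernel threads and foreign pids raise
            with open(f"/proc/{pid}/cmdline", "rb") as fh:
                argv0 = fh.read().split(b"\0", 1)[0].decode(errors="replace")
        except OSError:
            continue  # ENOENT for kernel threads, EACCES for other users' processes
        procs.append(ProcInfo(pid, exe, argv0))
    return procs


# Constructed sample processes, not captured from a real host: one benign init
# process and three that each exhibit a different tactic.
SAMPLE_PROCS = [
    ProcInfo(1, "/usr/lib/systemd/systemd", "/sbin/init"),
    ProcInfo(4242, "/tmp/.x/kworker", "kworker"),
    ProcInfo(4243, "/usr/bin/python3.11 (deleted)", "python3"),
    ProcInfo(4244, "/memfd:payload (deleted)", "[kworker/0:0]"),
]


if __name__ == "__main__":
    target = read_live_procs() if os.path.isdir("/proc") else SAMPLE_PROCS
    for pid, tactics in sorted(hunt(target).items()):
        print(f"pid {pid}: {', '.join(tactics)}")
```

Each check is independent of which tool produced the process, so a rebuilt or polymorphic binary still lights up until the operator changes how it is staged and run; the cost of a false positive here is a triage look at one pid, so the checks can stay deliberately broad.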
You can follow @CraigHRowland.