Skip to content
Try it Free Request Your Demo

    Welcome to SUDO SCIENCE

    An Uptycs Comycs Series

    linux_comycs_1_thumbnail

    Meet Red Team Curly and Blue Team Linus. Hijinx will ensue.

    Ever wondered how everyday, innocuous linux commands and utilities can be leveraged by bad actors? Curious how you can detect if they’re being used maliciously in your ecosystem?

    Curly will stop at nothing to infiltrate Hackington and exfiltrate all the data he can find. There’s just one problem. Linus-- always vigilant, alert to anything suspicious, and wise to Curly’s tricks.

    This episode of Sudo Science has Curly, our Red Team character, making their way into a server via SSH. Somehow, they have made their way in with some privileged credentials and now need to figure out where they are. To do this, they will implement the same discovery techniques attackers may use. They run

    uname -a

    users

    tcpdump

    Click here to download

    Deep Dive

    Discovery techniques can be quite the headache when it comes to securing Linux Servers. During this phase, adversaries are trying to figure out the environment. However, some of the commands they run can be similar to what benign users may use to gain information about the system. Techniques like T1082 - System Information Discovery is a commonly used technique that “cannot be easily mitigated with preventative controls since it is based on the abuse of system features” according to MITRE. So how can we detect malicious activity? The answer lies in understanding the behavior in context with each other. Instead of looking at each command individually, we can detect potential adversarial behavior by looking at the string of commands run.

    Want to see the full Sudo Science Comyc? Download your copy here.

    Or click here for more Sudo Science action.

    Ready To Learn More About Linux Security?

    Ebook: 4 Golden Rules for Linux Security - Download Discover the 4 key components of Linux security with specific recommendations so you can make Linux more Secure: Reduce Attack Surface Area with SSH Best Practices, Scan for Odd User Activity, ... Learn More
    Linux Commands and Utilities Commonly Used by Attackers The Uptycs threat research team has observed several instances of Linux attackers leveraging inbuilt commands and utilities for malicious activities. Learn More
    Case Study Download our case study to learn how Flexport leveraged Uptycs to improve their cloud security posture, deliver security observability for multiple teams, and provide risk assurance for clients. Learn More

    See Uptycs in Action

    Schedule your demo of the Uptycs Cloud-Native Security Analytics Platform and see how Uptycs can help you protect and defend across modern attack surfaces.

    Schedule Your Demo