Linux detections


Detects a potentially malicious nc execution.

Source table → box.unix

Detects file creation in init system directories. File creation in these directories can be used for script execution on machine boot.

Source table → box.unix

Detects the dd command being used to overwrite a file. This is a powerful tool that can be abused for data destruction and could render data irrecoverable.

Source table → box.unix

Detects a potentially malicious scp execution. This could indicate that an attacker is trying to exfiltrate a file from, or download a file to, the target machine.

Source table → box.unix

Detects suspicious file creation in the systemd directory.

Source table → box.unix
