0 views collected around this technical thread.
This article details a real‑world Linux server breach, describing the symptoms, investigative commands, log analysis, malicious script removal, file attribute unlocking, and practical remediation steps, while highlighting key lessons and preventive measures for future security.
This guide walks Linux operations engineers through eleven practical checks—including log inspection, user file verification, login event analysis, network traffic monitoring, and file recovery via lsof—to identify and remediate compromised machines effectively.
This article details the evolution, architecture, and key technologies of Ant Group's anti‑intrusion platform, explaining how it handles trillion‑level data streams for intrusion detection, performs multi‑dimensional risk assessment and attribution, and enables rapid, automated security incident response across massive enterprise environments.
This guide outlines eleven practical steps for Linux system administrators to identify signs of compromise—such as missing logs, altered password files, unusual login activity, abnormal traffic, and deleted files—and provides command examples for detection and recovery.
This article documents a real‑world Linux server compromise, detailing the observed symptoms, forensic commands, malicious scripts, file‑locking tricks, and a step‑by‑step remediation process including SSH hardening, cron cleanup, chattr usage, and preventive security recommendations.
This article details a real‑world Linux server compromise, describing the symptoms, possible causes, investigative commands, hidden malicious scripts, file attribute locks, and practical remediation steps to restore the system and improve future security.
The Host Security Capability Construction Guide analyzes evolving threats, categorizes security capabilities into basic, enhanced, and advanced levels, details industry-specific priority requirements, and outlines a comprehensive construction and evaluation process to help enterprises select appropriate solutions and build an effective host security framework.
The ISCA 2022 full‑score paper “Fidas: Fortifying the Cloud via Comprehensive FPGA‑based Offloading for Intrusion Detection” presents a novel FPGA‑accelerated IDS architecture that jointly offloads regex matching and traffic classification, achieving high flexibility, rapid rule updates, balanced load, and line‑rate performance in cloud data centers.
This guide explains how to secure Linux accounts, examine critical system files, use command‑line tools to monitor logins, detect suspicious activity, analyze logs, and investigate potential intrusions, providing practical steps for administrators to harden and audit their servers.
This document outlines the background, challenges, and a comprehensive enterprise intrusion detection solution that combines host‑based and network‑based monitoring, automated CVE and GitHub leak collection, a modular agent‑middle‑display architecture, and future plans for multi‑dimensional threat modeling to enhance preventive security capabilities.
This article shares practical insights from a security director at YY Live, detailing the complex Linux security landscape, common vulnerabilities, real‑world attack techniques such as Redis abuse and privilege escalation, and a multi‑layered defense approach that balances rapid business iteration with robust protection.