Six Malicious Linux Shell Scripts Used To Evade Defenses And How To Stop Them

The Uptycs Threat Research team outlines how malicious Linux shell scripts are used to cloak attacks and how defenders can detect these threats and mitigate their risk of suffering an attack.

Evasive techniques used by attackers, date back to the earlier days, when base64 and other common encoding schemes were used. Today, attackers are adopting new Linux shell script tactics and techniques to disable firewalls, monitoring agents and modifying access control lists (ACLs).

In previous Uptycs Threat Research posts, we discussed the common utilities in Linux, which are generally used by threat actors in the attack chain. In this report, we highlight those common defense evasion techniques, which are common in malicious Linux shell scripts. And then, we outline how Uptycs spots and mitigates against them.