Linux security

The Red Canary Blog

Security teams need an ally to help defend against adversaries. Check out our blog for tips on increasing visibility, expanding detection coverage, and improving information security.
Invoke-Atomic leaves the nest
Comparing open source adversary emulation platforms for red teams
Introducing Chain Reactor
Testing initial access with “Generate-Macro” in Atomic Red Team
Topics (1)
Unlocking Heaven’s Gate on Linux
Trapping the Netwire RAT on Linux
Introducing Chain Reactor
ATT&CK T1501: Understanding systemd service persistence
Data sources, Linux detection, and more at ATT&CKcon 2.0
Frankenstein was a hack: the copy/paste cryptominer
A Pastebin scraper, steganography, and a persistent Linux backdoor
Threat Hunting in Linux for Indicators of Rocke Cryptojacking
We’re always looking for new experts to contribute interesting perspectives and improve our blog. Email us at with article pitches, feedback, or just to say hello!

Subscribe to our blog