Hunting for Apache rootkit using OSquery
In this short blog post, I would like to show you how easy it is to backdoor an Apache HTTP server running on Linux by using a malicious Apache module with rootkit functionality. In the second part of this post, I want to focus on the detection steps: how to use OSquery to catch suspicious activity and 'connect the attack dots' at scale.