undefined | Better HN

Skip to content

Top New Best Ask Show Jobs

undefined | Better HN

0 pointsopengears1y ago0 comments

In the mitigation section there is written 'Deploy Runtime Protection: Use advanced anti-malware and behavioral detection tools that can detect rootkits, cryptominers, and fileless malware like perfctl.' -- which tools can we currently use to detect perfctl?

0 comments

ykonstant1y ago

I hear Crowdstrike is king (≖ ͜ ≖)

doubled1121y ago

To be fair, a system that rebooted and won't come back up IS pretty secure.

AStonesThrow1y ago

No, because it's a denial of service.

C-I-A triad: Confidentiality, Integrity, Availability.

A dead system is confidential, and if that's your criterion, then fine, but legitimate users may require access to intact data and services.

j / k navigate · click thread line to collapse