Year of the (Clandestine) Linux Desktop, topic, and the news - Rob Allen - ESW #433
17 November 2025 - 1 hour 56 minsSegment 1: Interview with Rob Allen It’s the Year of the (Clandestine) Linux Desktop!
As if EDR evasions weren’t enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy.
In this segment, we’ll discuss strategies and mitigations to battle this novel technique with Rob Allen from Threatlocker.
Segment Resources:
Pro-Russian Hackers Use Linux VMs to Hide in Windows Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs Qilin ransomware abuses WSL to run Linux enc...
Series Episodes
Being Exploitable While Your Risk Tolerance Changes and You Unblock Innovation - Myke Lyons - BSW #438
1 hour 3 mins
11 March Finished
Precious Bodily Fluids, InstallFix, CISA, Claude, Overtime, Sim Swaps, Aaran Leyland - SWN #562
36 mins
10 March Finished
Breaking in with CrashFix, supply chain security, and CMMC phase 1 - David Zendzian, Anna Pham, Jacob Horne - ESW #449
1 hour 34 mins
9 March Finished
Iran vs Everyone: 2FA-Bypass Phish, APT41 Drive, iOS 0days, Josh Marpet, and More - SWN #561
36 mins
6 March Finished
