Year of the (Clandestine) Linux Desktop, topic, and the news - Rob Allen - ESW #433
17 November 2025 - 1 hour 56 minsSegment 1: Interview with Rob Allen It’s the Year of the (Clandestine) Linux Desktop!
As if EDR evasions weren’t enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy.
In this segment, we’ll discuss strategies and mitigations to battle this novel technique with Rob Allen from Threatlocker.
Segment Resources:
Pro-Russian Hackers Use Linux VMs to Hide in Windows Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs Qilin ransomware abuses WSL to run Linux enc...
Series Episodes
Making vulnerability management and incident response actually work. Also, the News! - Ryan Fried, Beck Norris, José Toledo - ESW #442
1 hour 43 mins
19 January Finished
Miss Cleo, Whisperpair, Fortisiem, REDVDS, Google, Spying, Rob Allen and More... - Rob Allen - SWN #547
39 mins
16 January Finished
The Future Of Proactive Security Before Building an AI Enabled Enterprise - Erik Nost - BSW #430
55 mins
14 January Finished
Are you dead?, AI Hellscape, Copilot, Blue Delta, Quishing, Confer, Aaran Leyland... - SWN #546
36 mins
13 January Finished
