ACI Journal Articles

Title

Looking for Linux: WSL Key Evidence

Document Type

Article

USMA Research Unit Affiliation

Army Cyber Institute

Publication Date

12-11-2019

Abstract

Microsoft released Windows Subsystem for Linux (WSL) in 2016 to much fanfare, but little research into the security implications of installing this feature followed. This lack of research and documentation is a problem for administrators who want to take advantage of its feature set while monitoring their systems for unusual behavior. Native Windows logging can provide visibility into WSL’s behavior, but there has been no research on which logs can provide this visibility or exactly what information they can provide. This paper examines how to monitor a Windows 10 system with WSL installed for common indicators of malicious activity.
