"Looking for Linux: WSL Key Evidence" by Amanda Draeger

ACI Journal Articles

Title

Looking for Linux: WSL Key Evidence

Authors

Amanda Draeger, Army Cyber Institute, U.S. Military AcademyFollow

Document Type

Article

USMA Research Unit Affiliation

Army Cyber Institute

Publication Date

12-11-2019

Abstract

Microsoft released Windows Subsystem for Linux (WSL) in 2016 to much fanfare, but little research into the security implications of installing this feature followed. This lack of research, and lack of documentation, is a problem for the administrators who want to take advantage of its feature set while monitoring their systems for unusual behavior. Native Windows logging can provide visibility into WSL’s behavior, but there has been no research on which logs can provide this visibility, and what exact information they can provide. This paper examines how to monitor a Windows 10 system with WSL installed for common indicators of malicious activity.

Web Link

https://www.sans.org/white-papers/39330/

External Link

Record links to items hosted by external providers may require fee for full-text.

COinS

ACI Journal Articles

Title

Authors

Document Type

USMA Research Unit Affiliation

Publication Date

Abstract

Web Link

Browse

Search

Submit Your Work

Links

Links

ACI Journal Articles

Title

Authors

Document Type

USMA Research Unit Affiliation

Publication Date

Abstract

Web Link

Share

Browse

Search

Submit Your Work

Links

Links