
ACI Journal Articles
Title
Looking for Linux: WSL Key Evidence
Document Type
Article
USMA Research Unit Affiliation
Army Cyber Institute
Publication Date
12-11-2019
Abstract
Microsoft released Windows Subsystem for Linux (WSL) in 2016 to much fanfare, but little research into the security implications of installing this feature followed. This lack of research, and lack of documentation, is a problem for the administrators who want to take advantage of its feature set while monitoring their systems for unusual behavior. Native Windows logging can provide visibility into WSL’s behavior, but there has been no research on which logs can provide this visibility, and what exact information they can provide. This paper examines how to monitor a Windows 10 system with WSL installed for common indicators of malicious activity.
Web Link
https://www.sans.org/white-papers/39330/
Record links to items hosted by external providers may require a fee for full text.