linneman labs
detection / purple team
tetragon below the socket · glimmer · rust c2 beacon
2026.04.24
Detection Below the Socket Layer
Malware that hand-builds its own packets slips past socket-level monitoring, so the detection drops below the socket too.
2026.04.13
The DNF Numbers Station
C2 traffic indistinguishable from DNF update checks, with tasking hidden in the microseconds of Apache ETags.
2026.04.09
Building and Detecting a Rust C2 Beacon
Dual-layer encryption, a hardening pass from 1.4MB to 388K, and the YARA rules that catch the beacon anyway.