Security Weekly Podcast Network (Audio) Year of the (Clandestine) Linux Desktop, topic, and the news - Rob Allen - ESW #433
It’s the Year of the (Clandestine) Linux Desktop!
As if EDR evasions weren’t enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy.
In this segment, we’ll discuss strategies and mitigations to battle this novel technique with Rob Allen from ThreatLocker.
Segment Resources:
- Pro-Russian Hackers Use Linux VMs to Hide in Windows
- Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs
- Qilin ransomware abuses WSL to run Linux encryptors in Windows
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Segment 2: Topic - Threat Modeling Humanoid Robots
We're entering the age of human-shaped robots, so it seems like a good time to talk about the fact that they ALREADY HAVE CVEs assigned to them. I guess this isn't a terrible thing - John Connor might have had an easier time if he could simply hack the terminators from a distance...
Resources
- https://www.unitree.com/H2 (watch the video!)
- China’s humanoid robots get factory jobs as UBTech’s model scores US$112 million in orders
- The big reveal: Xpeng founder unzips humanoid robot to prove it’s not human
- Exploit Allows for Takeover of Fleets of Unitree Robots - Security researchers find a wormable vulnerability
- 100-page Paper: The Cybersecurity of a Humanoid Robot
- 5-page Paper: Cybersecurity AI: Humanoid Robots as Attack Vectors
- Amazingly, $300 smart vacuums have some of the same exact vulnerabilities and backdoors built into them as the $16,000 humanoid robots! The Day My Smart Vacuum Turned Against Me
Finally, in the enterprise security news,
- A $435M venture round
- A $75M seed round
- a few acquisitions
- the producer of the movie Half Baked bought a spyware company
- AI isn’t going well, or is it?
- maybe we just need to adopt it more slowly and deliberately?
- ad-blockers are enterprise best practices
- firewalls and VPNs are security risks, according to insurance claims
- could you power an entire house with disposable vapes?
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-433
