Duplicate password hashes on Linux are a tactic for attackers to drop backdoor accounts in an automated way. In this video we explain what a duplicate password hash attack is, and how you can find it with command line tools as well as automatically with Sandfly's agentless EDR for Linux.

Find out if your systems have duplicate password hashes, plus thousands of other attack traces instantly. Sandfly's agentless EDR for Linux deploys rapidly without any endpoint agents and without drama. Get a free license today to try it out.