To detect SQL injection attempts

To serve as a decoy for attackers (honeypot)

To monitor memory corruption in stack-based buffer overflows

To encrypt sensitive data in transit

Hiding malware in image files

Concealing data within DNS queries

Encrypting emails with PGP

Embedding secret messages in audio files

Read, write, execute for owner; read & execute for group/others

Read, write, execute for owner; SUID bit set

Full permissions for owner, read-only for others

SUID bit with execute permissions for all

XSS

TOCTOU

CSRF

ARP poisoning

Using cloud services for anonymity

Attackers using legitimate system tools for malicious purposes

Harvesting credentials from phishing sites

Exploiting zero-day vulnerabilities

netstat -tuln

lsof

ps aux

ss -a

Brute-forcing password hashes offline

Bypassing authentication using stolen hash values

Exploiting weak hash algorithms like MD5

Intercepting hashes in transit