🧠 SSH: Secure Shell, Secure Access
SSH isn’t just for hackers in hoodies — it’s the backbone of secure remote access for sysadmins, devs, and cloud warriors.
Let’s break it down 🔍

📘 “SSH (Secure Shell) is a cryptographic protocol for securely accessing remote machines over an unsecured network.”

🎯 Main Purpose:
To provide encrypted, authenticated remote access to systems over insecure networks (like the internet).

✅ Secure alternative to Telnet, FTP, and unencrypted remote protocols.

🚀 Key Features:

🔒 Confidentiality: All data is encrypted

🔐 Authentication: Password or key-based identity verification

📦 Integrity: Packets can’t be tampered with

🧭 Port forwarding: Secure tunnels for apps (e.g., databases)

📁 Secure file transfer: via scp or sftp

🔑 How Key Establishment Works (First Use):

👋 Client connects to SSH server for the first time

🧠 Server sends its public host key to the client

⚠️ Since this is the first time, the client doesn't know if it can be trusted

✅ User is prompted:

“The authenticity of host ‘example.com’ can’t be established. Do you trust this host?”

📜 If accepted, the server’s public key is stored in ~/.ssh/known_hosts

🔒 From then on, future connections verify the key to detect MITM attacks

It’s like saying:

"I don't know you, but I’ll remember your face (key) from now on."

🧪 Pro Tip:

Use SSH key pairs for login instead of passwords

Even better: Use ED25519 keys — modern, fast, secure

Check your fingerprint with:

ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub

🧩 TL;DR
SSH gives you secure, encrypted remote control over machines.
The first time you connect, it asks: “Do I trust this server?” — if yes, it saves the key and guards you from fakes ever after.


🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

🎯 Return-to-libc Attacks — Evading DEP/NX Like a Pro Hacker 💻💥

Modern systems use defenses like DEP (Data Execution Prevention) or NX (No-eXecute) to stop code injection by marking the stack and heap as non-executable. Sounds secure, right?
Well… return-to-libc attacks find a clever way around it. 😈

🔄 What Is Return-to-libc?
Instead of injecting new shellcode, the attacker:
1️⃣ Overwrites the return address on the stack
2️⃣ Redirects execution to a legitimate function in libc (like system())
3️⃣ Supplies arguments like "/bin/sh" via the stack
📌 So you get a shell — without injecting any code!

🚫 Why DEP/NX Can’t Stop It:
✔️ The attack doesn't run custom code
✔️ It uses already-present executable code in memory
✔️ DEP/NX only block code execution from non-executable regions, not legit library calls

💡 Example Flow:
Overflow a buffer

Overwrite return address with address of system()

Place "/bin/sh" in stack memory

Return to exit() after execution to clean up

🛡 Defenses That DO Help:
🔐 ASLR (Address Space Layout Randomization) — randomizes libc address
🔐 Stack canaries, RELRO, Control-Flow Integrity (CFI) — add layers of protection
🔐 Disable unused libc functions or use hardened libraries

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

🛡 Reference Monitor Model: The Gatekeeper of Access Control
Ever wonder who checks whether you really have permission to open that file or access that resource?
That job belongs to the Reference Monitor — the silent bouncer of your OS. 🔐🚪

📘 “The Reference Monitor is an abstract concept in security models that enforces access control policies.”

In practice, it’s the core mechanism behind tools like Access Control Lists (ACLs).

🔍 What It Does:
The Reference Monitor checks every access attempt and decides:
✅ Allow
❌ Deny
➡️ Based on your identity and the security policy

🔑 3 Essential Properties (Must-Haves):

Tamperproof — Can’t be modified by unauthorized users

Always Invoked — No way to bypass it

Verifiable — Must be small/simple enough to audit (e.g., Trusted Computing Base)

📂 Reference Monitor + ACLs:
ACL = a list attached to an object (like a file), showing who can do what.
Reference Monitor uses that list to enforce decisions:

🧪 Example:

File: payroll.csv  
ACL:  
- Alice: read, write  
- Bob: read  
- Eve: no access
If Eve tries to open it → ❌ Denied
If Bob tries to write → ❌ Denied
If Alice reads → ✅ Allowed

🧠 Where It's Used:

Operating systems (e.g., Windows, Linux)

Firewalls

Database access control

Virtual machines and hypervisors

🧩 TL;DR
The Reference Monitor is the enforcer behind access decisions.
It checks who you are, what you want, and whether you’re allowed — using tools like ACLs to guide its decisions.

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

🔍 What is File Integrity Monitoring (FIM)?
FIM is a crucial security control that checks files for unauthorized changes — in real time or at intervals.

🛡 Why it matters:
✔️ Detects tampering or malware
✔️ Protects critical system + config files
✔️ Helps meet compliance (PCI-DSS, HIPAA, etc.)

⚙️ How it works:
✅ Baseline snapshot of files
✅ Monitors for changes (hash, perms, ownership)
✅ Sends alerts if something looks suspicious

💡 Tools to try:

OSSEC

AIDE

Tripwire

Wazuh

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

Stay alert, stay safe. Integrity matters.

🛰 Port Scanning: Knocking on Every Digital Door
Before you attack a castle, you find its entrances.
In hacking, those "entrances" are open ports — and port scanners are how you find them. 🏰🔦

📘 “Port scanning is a common reconnaissance technique used to discover open services and infer vulnerabilities.”


🎯 Why Scan Ports?
To discover:

Which services are running (e.g., SSH, HTTP, FTP)

Which ports are open or filtered

Potential entry points or weak spots

Port scanning helps build a map of the target system — no exploit needed (yet) 📍

🛠 Popular Tools:

🚀 nmap — the OG Swiss Army knife of scanners

⚡️ masscan — scans the entire Internet fast

🌐 zmap — great for large-scale scanning and research

🧪 Scanning Techniques:

🔄 TCP SYN Scan: Stealthy and fast (-sS in nmap)

🌊 UDP Scan: Slower, but finds services like DNS & SNMP (-sU)

🧬 Version Detection: Identify the exact service & version (-sV)

🎭 OS Detection: Guess the operating system (-O)

Example:

nmap -sS -sV -O target.com

⚠️ Use Responsibly:

Port scanning can be noisy — some firewalls log and block it

It may be illegal without permission

Good attackers hide in plain sight; good defenders watch for these scans 👀

🧩 TL;DR
Port scanners are the binoculars of the cyber battlefield.
They don’t break in — they just show where the doors are.

#PortScanning #Nmap #Masscan #Reconnaissance #InfoSecTube

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

🛡 Real-World Example: Packet Filter Firewall
Think of this as a basic bouncer at your network’s front door — checking IDs but not knowing much beyond the basics. 🚪🕵️‍♂️

📘 Example:

Linux iptables

BSD pf (packet filter)

🔍 Simple Rule Example:

DROP tcp from any to 192.168.1.10 port 23

This means:
❌ Block any TCP traffic headed to port 23 (Telnet) on host 192.168.1.10 — no questions asked.

⚙️ How It Works:

Filters based on source IP, destination IP, and port

No knowledge of session state or application behavior

Fast and lightweight, but limited in understanding context

🛑 Limitations:

Can’t track if the connection is legitimate or part of an ongoing session

Doesn’t inspect the payload or application-level data

Vulnerable to spoofing or more advanced attacks

🧩 TL;DR
Packet filters are your network’s gatekeepers with a simple checklist — good for basic traffic control, but not much else.

#Firewall #PacketFilter #iptables #BSDpf #NetworkSecurity #InfoSecTube

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

📢 New Research on arXiv
Implementing Zero Trust Architecture to Enhance Security and Resilience in the Pharmaceutical Supply Chain

🔐 Explores how Zero Trust can protect pharma supply chains from cyber threats, improve resilience, and secure sensitive drug data.

📄 Read here: arxiv.org/abs/2508.15776

#CyberSecurity #ZeroTrust #Pharma #SupplyChain

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

💾 How to Reduce File System I/O Costs
Disk I/O is expensive. 🐢 It’s one of the slowest parts of your system.
Reducing file system I/O = faster performance + longer SSD lifespan + happier users 💥

🧠 Why I/O Is Expensive:

Disk operations (even on SSDs) are slower than CPU or memory

Repeated reads/writes = bottlenecks

High I/O = more power usage, more wear on hardware

🔧 Strategies to Reduce I/O Costs:

⚡️ Use Caching

Cache frequently accessed data in RAM

Use tools like memcached, Redis, or even in-app memory

OS does this too via page cache

📦 Batch I/O Operations

Avoid small, frequent writes → buffer them and write in bulk

Example: Logging every second? Buffer logs & flush every few minutes

🚫 Avoid Unnecessary Reads/Writes

Don’t read/write files unless needed

Skip re-saving unchanged files

Use stat() to check timestamps before reprocessing

🧵 Use Asynchronous or Buffered I/O

Async I/O lets you continue work while the system handles I/O in background

Buffered I/O combines multiple reads/writes

📁 Use Efficient File Formats

Binary formats (e.g., Protocol Buffers, HDF5) are often faster to read/write than text formats like JSON/CSV

Smaller files = faster disk access

🔍 Use Indexing & Metadata

Instead of scanning entire files, store metadata/indexes for fast lookups

Think: DB indexes, inverted file indexes in search engines

🚀 Optimize Access Patterns

Read/write sequentially rather than randomly (especially on HDDs)

Group related reads to minimize disk seeks

🧹 Keep the File System Clean

Avoid fragmentation (on HDDs)

Remove unused temp files

Periodically defragment (if needed)

🧩 TL;DR
To reduce file system I/O costs:
✅ Cache smartly
✅ Batch writes
✅ Avoid unnecessary access
✅ Use async + efficient formats
✅ Optimize how and when you access the disk

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

💥 Exploitation Tools: Turning Holes into Access
Finding a vulnerability is one thing...
Using it to break in? That’s where the real magic (and danger) begins. 🎩🐍

📘 “Once vulnerabilities are discovered, exploitation tools execute payloads to achieve control over the system.”

🎯 What Do Exploitation Tools Do?
They take a vulnerability — like an open window — and use it to:
🔓 Get inside the system
🪜 Escalate privileges
🎯 Drop backdoors, shells, or remote access

It’s the hacker’s way of saying: “I’m in.”

🧪 Examples in the Wild:

💣 Metasploit payloads like reverse_tcp to gain a shell back to the attacker

🐚 Custom shellcode injectors that load payloads into memory

⚠️ Buffer overflow scripts that overwrite return addresses and hijack execution

🦠 Dropping a meterpreter session and pivoting across the network

🧠 Why It’s Powerful:

Lets you prove impact — showing that the vuln is exploitable

Great for red teams, CTFs, and training labs

Helps defenders understand attacker techniques by walking in their shoes

❌ Risks & Caveats:

Can crash systems if misused 😵

Should only be used in legal, controlled environments

Payloads can be detected by antivirus/EDR if not obfuscated

🧩 TL;DR
Exploitation tools aren’t just for proof of concept — they’re the bridge from finding to owning.
One buffer overflow. One payload. Full control. Game on. 🎮💻


#Exploitation #Metasploit #Shellcode #BufferOverflow #OffensiveSecurity #InfoSecTube

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

🏨 Base + Offset Addressing: Your Personalized Hotel in RAM
How does the OS keep multiple processes from stepping on each other’s memory?
It gives each one its own hallway — thanks to the Base + Offset model.

🔍 Concept (Hotel Analogy):
Each process thinks it starts at Room 0.
But the OS assigns it a base address — the real start of its hallway.

🧳 Base = Where the OS starts your room in memory

🚶 Offset = How far you walk from your own “Room 0”

🏠 Actual address = base + offset

🧮 Example:

Base = 1000 (OS starts your hallway at address 1000)

Offset = 50 (you access Room 50 in your world)

Result: You’re really in physical address 1050

🧠 Smart Trick to Remember:

Base + Offset = Personalized Hotel Rooming
Each process lives in its own virtual hotel hallway.
Offset = how far you walk
Base = where your hallway really begins

📘 Used in:
✅ Memory protection
✅ Process isolation
✅ Virtual memory mapping

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

🧠 Hash Functions in Action: Why These 3 Properties Matter
Hash functions are everywhere — but how do they actually protect our systems?

🔐 1. Pre-image Resistance

Given a hash h, it should be hard to find a message m such that H(m) = h.

🧪 Real-World Use Cases:
✅ Password Hashing (/etc/shadow, bcrypt)
✅ Hashed Commitments (e.g., votes, auctions)
✅ Digital Signatures (when only the hash is visible)

🛡 Why it matters:
Prevents attackers from reversing a hash to recover sensitive data like passwords or committed values.

🔐 2. Second Pre-image Resistance

Given message m₁, it should be hard to find m₂ ≠ m₁ such that H(m₁) = H(m₂).

🧪 Real-World Use Cases:
✅ Software Update Validation
✅ Authenticated Backups
✅ Code Signing

🛡 Why it matters:
Stops an attacker from replacing legit files with malicious ones that hash the same — preserving integrity.

🔐 3. Collision Resistance

Hard to find any two messages m₁ ≠ m₂ where H(m₁) = H(m₂).

🧪 Real-World Use Cases:
✅ Digital Signatures (TLS, DocuSign)
✅ Certificate Authorities (X.509 certs)
✅ Merkle Trees in Blockchains

🛡 Why it matters:
If two different messages hash the same, a signature could be reused to falsely validate a forged document or cert.

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

📚 Segmentation: Memory as a Binder with Tabs
Ever open a binder and accidentally rip a page from the wrong section?
That’s what Segmentation Faults are all about. Let's break it down. 🔍

🔍 Concept (Binder Analogy):
Memory is divided like a binder with colored segments:

🔵 Code = Blue section (read-only)

🔴 Stack = Red section (grows downward)

🟢 Heap = Green section (grows upward)

Each segment has:

A base address (start)

A limit (length)

Go past the limit? 📛 Segmentation Fault!

🧮 Example:
🟥 Stack segment:

Starts at 8000, size = 1000

You try to access 9200
➡️ Invalid! That’s past the limit → 💥 segfault

🧠 Smart Trick to Remember:

📘 Segmentation = Binder with Colored Tabs
Each tab is a segment. Stay inside your section — no trespassing!

📌 Used in:
✅ Early memory management
✅ Isolating code, data, and stack
✅ Raising segmentation faults for safety

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

📦 Paging: Disorganized Warehouse, Smart Access
Paging breaks memory into small blocks so the OS can place them anywhere — and still keep things fast and safe.

🔍 Concept (Warehouse Analogy):

📝 Page = An item on your shopping list (virtual memory)

📦 Frame = A box in the physical warehouse (RAM)

🗺 Page Table = A smart map that tells you where each item went

The OS can scatter your memory all over the warehouse — you never notice!

🧮 Example:

Page size = 4KB

Virtual Page 2 → mapped to Physical Frame 7

Virtual address = 2 × 4KB = 8192

Physical address = 7 × 4KB = 28672

The page table makes this mapping seamless 🔁

🧠 Smart Trick to Remember:

Paging = Disorganized Warehouse + Smart List
Your memory is all over the place, but thanks to the page table, it’s organized on demand.

📘 Used In:
✅ Virtual memory
✅ Swapping and demand paging
✅ OS memory isolation


🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

🪑 Swapping: Desk Overflow → Drawer
Your RAM is limited, but apps want more.
The OS handles this by swapping — moving things in and out like a pro organizer.

🔍 Concept (Desk Analogy):

💾 RAM = Your desk (fast, but limited space)

📂 Disk = The drawer (slower, but roomy)

🧠 OS = You, deciding what to keep on the desk

When memory is tight, the OS swaps out less-used pages to disk.
When needed again, it swaps them back in = a page fault occurs.

🧮 Example:

Chrome is idle → OS moves its memory pages to disk

You click Chrome → OS loads them back into RAM

This keeps things running, even when RAM is full 🔄

🧠 Smart Trick to Remember:

Swapping = Desk Overflow → Drawer
Only the active pages stay on the desk.
Everything else waits in the drawer until needed.

📘 Used In:
✅ Virtual memory systems
✅ Multitasking OS (Linux, Windows, macOS)
✅ Memory overcommit situations

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

🕒 Temporal Locality: Time-Based Memory Optimization
“If I used it recently, I’ll probably use it again soon.”
That’s the idea behind Temporal Locality — and it’s a key reason why CPU caches exist.

📌 Definition:

When a memory location is accessed, it’s likely to be accessed again soon.

🧠 The system keeps recently used data close to the CPU (in cache), reducing the need to fetch it from RAM again.

🧪 Real Code Example (C):

int total = 0;
for (int i = 0; i < 100; i++) {
    total += array[i];
}

Here, the variable total is updated in every loop iteration.
It’s reused often, so it benefits from temporal locality — staying hot in cache for fast access 🔥

📦 Analogy:
☕️ You keep your coffee mug on your desk because you use it often.
No need to walk to the kitchen every time.
Your CPU cache is that desk.

📘 Why It Matters:
✅ Speeds up loops and function calls
✅ Enables efficient caching strategies
✅ Reduces memory latency



#TemporalLocality #Caching #CPUPerformance #MemoryOptimization #OSConcepts #InfoSecTube

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

🧭 Spatial Locality: Location-Based Memory Optimization
“If I use this, I’ll probably use its neighbors too.”
That’s the intuition behind Spatial Locality — another reason CPU caches are powerful.

📌 Definition:

If a memory location is accessed, nearby memory locations are likely to be accessed soon.

🧠 This helps the CPU prefetch adjacent data into the cache — speeding up sequential access.

🧪 Real Code Example (C):

for (int i = 0; i < 100; i++) {
    sum += array[i];
}

You're accessing array[0], then array[1], then array[2]...
Since arrays are stored contiguously in memory, the CPU loads entire blocks efficiently thanks to spatial locality.

📦 Analogy:
🧳 You open your suitcase to grab clothes.
Shirts, pants, and socks are packed next to each other, so you grab them in order, not randomly.
That’s spatial locality at work!

📘 Why It Matters:
✅ Speeds up loops and data traversal
✅ Enables cache line efficiency
✅ Perfect for array-heavy computations


#SpatialLocality #MemoryAccess #CPUCache #PerformanceOptimization #OSConcepts #InfoSecTube

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

📞 Function Call: Your Code Talking to Itself
A function call is like asking another part of your program to do something for you — and give you back the result.

📌 What Is It?

A function call jumps to another section of your own code and comes back with a return value.

✅ Happens entirely in user space
❌ No OS or kernel involvement
🧠 It's just you calling yourself (internally)!

🧪 Real Code Example (C):

int square(int x) {
    return x * x;
}

int result = square(5);  // Function call

The call to square(5) jumps to that function, executes the code, and returns with the value 25.

🧠 How It Works (Simplified):

Save where you are

Jump to function

Execute

Return to where you were
All handled by the CPU and call stack!

📘 Why It Matters:
✅ Organizes code
✅ Enables reuse and modular design
✅ Essential for recursion, libraries, algorithms

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

🧠 Library Call: Pre-Built Tools for Your Code
A library call is when your program uses a function from a standard library, like libc.
It’s still in user space, just not written by you.

📌 What Is It?

A library call is a function defined in a shared or static library, reused across programs.

✅ Still runs in user space
✅ No OS involvement unless it internally calls a system call
💡 Great for common tasks like string manipulation, math, file I/O helpers, etc.

🧪 Example (C):

#include <string.h>

strcpy(dest, src);  // ✅ Library call from libc

This function is defined in libc.so (shared library), and your program links to it — you don't reimplement it.

🔍 Library Call ≠ System Call

strcpy() = ✅ Library call (just copies memory)

read() or open() = ❌ System calls (needs OS help)

📘 Why It Matters:
✅ Saves time (don’t reinvent the wheel)
✅ Promotes code reuse and performance
✅ Keeps user space programs fast and clean


#LibraryCall #Libc #UserSpace #ProgrammingConcepts #InfoSecTube

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

🌐🔐 How Browser Certificates Work (and Why Intermediate CAs Exist)
You see that little 🔒 lock in your browser and feel safe...
But behind the scenes, there’s a full trust ceremony happening — and Intermediate CAs play a starring role. 🎭📜

📘 “Browsers trust certificates by verifying they are signed by a trusted authority through a chain of trust, often involving intermediate certificate authorities.”

🧠 Let’s Break It Down:
When you visit a site like https://secure.bank.com, here’s what your browser does:

📥 Receives the site’s leaf certificate (signed for secure.bank.com)

🔎 Checks the issuer — who signed it?

🧬 Follows the chain of trust:

The site cert was signed by an Intermediate CA

That Intermediate CA was signed by a Root CA

The Root CA is in your browser’s trusted store

✅ If all checks pass, you see the lock 🔒
🚨 If something breaks (expired, self-signed, mismatched), you get a warning

💡 Why Not Let Root CAs Sign Everything Directly?
Because:

🛡 Security — Root CAs are super-trusted and rarely touched. If compromised = global disaster

🧱 Scalability — Intermediate CAs can be issued for specific companies, countries, or use cases

🔄 Flexibility — You can revoke or rotate intermediates without touching the root

💼 Delegation — Allows big orgs to issue their own certs under a public chain

🧪 Example Certificate Chain:

secure.bank.com (Leaf Certificate)
⤷ Signed by DigiCert Secure Server CA (Intermediate)
⤷ Signed by DigiCert Global Root CA (Root)

Your browser only needs to trust DigiCert Global Root CA, and it’ll validate the rest.

🔍 Want to See It Live?

In Chrome: Click the 🔒 → "Connection is secure" → "Certificate is valid" → View the chain

Or use:

openssl s_client -connect secure.bank.com:443  

🧩 TL;DR
Your browser uses certificates to verify the identity of websites.
Intermediate CAs add security, scalability, and structure — so Root CAs don’t have to sign everything directly.


🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

📟 System Call: Talking to the Kernel
A system call is your program saying:
🗣 "Hey OS, I need your help — I’m not allowed to do this on my own!"

📌 What Is It?

A system call (syscall) is a request from a user-space program to the kernel to perform a privileged action (like accessing hardware, files, or devices).

🔄 User mode → Kernel mode
🛠 Happens via a trap or interrupt

🧪 Example (C):

#include <unistd.h>

write(1, "Hi\n", 3);  // ✅ System call

You can’t write directly to screen (fd 1 = stdout)
So you ask the OS via write(), which triggers a syscall.

🔐 Why Syscalls Exist:
❌ Apps can't directly:

Access the disk

Talk to network interfaces

Allocate physical memory
✅ Instead, they request the OS to do it safely.

📘 Common System Calls:

read(), write(), open(), close()

fork(), exec(), wait()

mmap(), kill(), getpid()

🧠 Smart Trick to Remember:

System call = asking the OS gatekeeper for access to powerful tools

🎯@InfoSecTube
📌YouTube channel
🎁Boost Us

🧠 What Is the Page Cache?
The page cache is a clever trick the Linux kernel uses to make disk access blazing fast — by keeping frequently used files in RAM. 🧠⚡️

📌 Definition:

The page cache is part of RAM where Linux caches disk file contents to avoid repeated slow reads/writes from the disk.

🧰 Purpose:

Speed up file access

Reduce disk I/O

Improve overall performance

🧪 Example (Terminal):

cat bigfile.txt

🔹 First time:
Linux loads bigfile.txt from disk → stores it in the page cache (slow but cached now)

🔹 Second time:
cat reads the file directly from RAM (super fast)

📦 Analogy:
🗃 Disk = File cabinet
🪑 Page cache = Your desk
You pull files (pages) once from the drawer… then just reuse them from your desk.
Faster, smarter — that’s caching! 💡

📘 Tools to Observe Page Cache:

free -h → Look at "cached"

vmstat, htop, or cat /proc/meminfo


#PageCache #LinuxPerformance #Caching #KernelTricks #FileSystem #InfoSecTube