Linux LOTL Reconnaissance Chain Detection with Native Tools
Detects chained execution of multiple native Linux tools (curl, wget, whoami, id, ss, etc.) from the same host and user. This pattern is indicative of APT operators using Living-Off-the-Land (LOTL) techniques on Linux systems, as highlighted by the 2025 LOTL trend, which affects not only Windows but also Linux and macOS.
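
The correlation described above, sketched as an added example (not the rule's own query): process-execution events are grouped by host and user, and an alert is raised when several distinct tools from the list appear close together in time. The 5-minute window, the threshold of three distinct tools, the event tuple layout and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Tools named in the rule description; its "etc." is left open, extend as needed.
RECON_TOOLS = {"curl", "wget", "whoami", "id", "ss"}
WINDOW = timedelta(minutes=5)   # assumed correlation window
MIN_DISTINCT = 3                # assumed threshold of distinct tools

# Constructed process-execution events: (ISO timestamp, host, user, executable)
SAMPLE_EVENTS = [
    ("2025-01-10T10:00:05", "web01", "www-data", "/usr/bin/whoami"),
    ("2025-01-10T10:00:09", "web01", "www-data", "/usr/bin/id"),
    ("2025-01-10T10:00:31", "web01", "www-data", "/usr/bin/ss"),
    ("2025-01-10T10:01:12", "web01", "www-data", "/usr/bin/curl"),
    ("2025-01-10T09:00:00", "db01", "backup", "/usr/bin/curl"),   # same tool twice
    ("2025-01-10T09:30:00", "db01", "backup", "/usr/bin/curl"),
    ("2025-01-10T11:00:00", "dev02", "alice", "/usr/bin/id"),     # spread over 40 min
    ("2025-01-10T11:20:00", "dev02", "alice", "/usr/bin/ss"),
    ("2025-01-10T11:40:00", "dev02", "alice", "/usr/bin/wget"),
]

def detect_chains(events, window=WINDOW, min_distinct=MIN_DISTINCT):
    """Return one alert per (host, user) that ran at least min_distinct
    different listed tools inside a sliding time window."""
    by_key = defaultdict(list)
    for ts, host, user, exe in events:
        tool = exe.rsplit("/", 1)[-1]            # match on the basename
        if tool in RECON_TOOLS:
            by_key[(host, user)].append((datetime.fromisoformat(ts), tool))

    alerts = []
    for (host, user), hits in sorted(by_key.items()):
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Advance the left edge until the span fits inside the window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            tools = {t for _, t in hits[start:end + 1]}
            if len(tools) >= min_distinct:
                alerts.append({"host": host, "user": user, "tools": sorted(tools),
                               "first_seen": hits[start][0].isoformat(),
                               "last_seen": hits[end][0].isoformat()})
                break                             # one alert per host/user
    return alerts

if __name__ == "__main__":
    for alert in detect_chains(SAMPLE_EVENTS):
        print(alert)
```

Counting distinct tools rather than raw executions keeps a cron job that calls curl repeatedly from alerting, and the window keeps slow, unrelated admin activity from being stitched into a chain.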