Welcome to this blog series “Hunting for Persistence in Linux”! This is a series that explores methods attackers might use to maintain persistent access to a compromised Linux system.

To do this, we will take an “offense informs defense” approach by going through techniques listed in the MITRE ATT&CK Matrix for Linux. Each persistence technique has two main parts:

- How to deploy the persistence technique.
- How to monitor and detect the persistence technique.

For each technique, the aim is to:

- Give examples of how an attacker might deploy one of these backdoors.
- Show how a defender might monitor and detect these installations.

By giving concrete implementations of these persistence techniques, I hope to give defenders a better appreciation of what exactly they are trying to detect, and some clear examples of how they can test their own alerting.

In this blog post, we will only discuss web shells, but we will be focusing more on logging and monitoring. We will discuss other techniques in succeeding posts. The diagram above gives an overview of what will be discussed in this series:

- Hunting for Persistence in Linux (Part 1): Auditing, Logging and Webshells
  - 1 – Server Software Component: Web Shell
- Hunting for Persistence in Linux (Part 2): Account Creation and Manipulation
  - 4 – Account Manipulation: SSH Authorized Keys
- Hunting for Persistence in Linux (Part 3): Systemd, Timers, and Cron
  - 5 – Create or Modify System Process: Systemd Service
- Hunting for Persistence in Linux (Part 4): Initialization Scripts and Shell Configuration
  - 8 – Boot or Logon Initialization Scripts: RC Scripts
  - 9 – Boot or Logon Initialization Scripts: init.d
  - 10 – Boot or Logon Initialization Scripts: motd