This blog series explores methods attackers might use to maintain persistent access to a compromised Linux system. To do this, we will take an "offense informs defense" approach by going through techniques listed in the MITRE ATT&CK Matrix for Linux. I will try to:
- Give examples of how an attacker might deploy one of these backdoors
- Show how a defender might monitor and detect these installations
By giving concrete implementations of these persistence techniques, I hope to give defenders a bet…