Thursday, January 20, 2022

Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery, and Webshells

This blog series explores methods attackers might use to maintain persistent access to a compromised Linux system. To do this, we will take an “offense informs defense” approach by going through techniques listed in the MITRE ATT&CK Matrix for Linux. I will try to:

- Give examples of how an attacker might deploy one of these backdoors
- Show how a defender might monitor and detect these installations

By giving concrete implementations of these persistence techniques, I hope to give defenders a bet…
