Thursday, January 20, 2022

Hunting for Persistence in Linux (Part 2): Account Creation and Manipulation


In the previous blog post, we discussed how to set up auditd and sysmon so that we can start hunting for persistence techniques on Linux hosts. Specifically, we covered some ways to detect the creation and use of web shells on a web server.

In this blog post, we will discuss the following:

We will give example commands that implement these persistence techniques, along with some alerts you can use to detect them.
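As an added example that is not part of the original post, the block below pairs a minimal auditd rule set for account creation and manipulation (watches on the account databases and sudoers, plus execution watches on the user-management binaries; the rule key names are my own choice) with a small detector that runs over constructed audit.log lines and reports which login user (auid) ran which command under which key. The log lines are constructed for illustration, not real captures.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Part 1: auditd rules for account creation/manipulation persistence.
# Install by saving to /etc/audit/rules.d/accounts.rules and running
# `augenrules --load`, or load directly with `auditctl -R <file>`.
# The -k key names (account_change, sudoers_change, account_cmd) are assumptions.
AUDIT_RULES='
# Writes/attribute changes to the account databases
-w /etc/passwd -p wa -k account_change
-w /etc/shadow -p wa -k account_change
-w /etc/group -p wa -k account_change
-w /etc/gshadow -p wa -k account_change
# Privilege grants via sudoers
-w /etc/sudoers -p wa -k sudoers_change
-w /etc/sudoers.d/ -p wa -k sudoers_change
# Execution of the user-management tools themselves
-w /usr/sbin/useradd -p x -k account_cmd
-w /usr/sbin/usermod -p x -k account_cmd
-w /usr/sbin/userdel -p x -k account_cmd
-w /usr/bin/passwd -p x -k account_cmd
'

# Part 2: constructed sample lines in /var/log/audit/audit.log format.
# Event 456: useradd run via sudo by login user 1000 (auid survives sudo/su).
# Event 457: vi opened /etc/shadow, also by auid 1000.
# Event 458: unrelated sshd syscall with no key; must not be reported.
SAMPLE_LOG='type=SYSCALL msg=audit(1642680000.123:456): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2101 auid=1000 uid=0 gid=0 euid=0 comm="useradd" exe="/usr/sbin/useradd" key="account_cmd"
type=EXECVE msg=audit(1642680000.123:456): argc=5 a0="useradd" a1="-m" a2="-G" a3="sudo" a4="backup"
type=SYSCALL msg=audit(1642680000.456:457): arch=c000003e syscall=257 success=yes exit=3 ppid=2100 pid=2105 auid=1000 uid=0 gid=0 euid=0 comm="vi" exe="/usr/bin/vi" key="account_change"
type=PATH msg=audit(1642680000.456:457): item=0 name="/etc/shadow" inode=1234 mode=0100640
type=SYSCALL msg=audit(1642680001.000:458): arch=c000003e syscall=257 success=yes exit=4 ppid=1 pid=900 auid=4294967295 uid=0 gid=0 euid=0 comm="sshd" exe="/usr/sbin/sshd" key=(null)'

# Reads audit records on stdin and prints one summary line per SYSCALL
# record tagged with one of our keys: event id, login uid, command, key.
hunt_account_events() {
    grep -E 'type=SYSCALL .*key="(account_change|sudoers_change|account_cmd)"' \
    | sed -E 's/.*msg=audit\(([0-9.]+:[0-9]+)\).* auid=([0-9]+) .* comm="([^"]+)" .* key="([^"]+)".*/event=\1 auid=\2 comm=\3 key=\4/'
}

# Number of suspicious account events in the constructed sample.
count_account_events() {
    printf '%s\n' "$SAMPLE_LOG" | hunt_account_events | wc -l | tr -d ' '
}

# Usage: run stand-alone to print the rules and the hunt results for the sample.
printf '%s\n' "$AUDIT_RULES"
printf '%s\n' "$SAMPLE_LOG" | hunt_account_events
```

On a real host, replace the sample with `ausearch -k account_cmd -k account_change -k sudoers_change --raw` or read /var/log/audit/audit.log directly; the EXECVE and PATH records that share an event id with a flagged SYSCALL carry the argument list (here the new user and its groups) and the file that was touched, which is what turns a hit into an alert worth triaging.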

If you need help setting up auditd, sysmon and/or…

