Linux persistence techniques as a map

Pepe Berba has created a nice overview of linux persistence techniques as a maphttps://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/

Linux persistence map v0.2 from pberba

It shows places/locations/paths for persistense in systemd-generators, motd, /usr/sbin/cron (Cron Scheduler), rootkits, /sbin/init [PID 1] (System systemd), web server (web shells), systemd --user (User systemd), /usr/sbin/sshd (SSH Daemon), /bin/bash (Login Shell), user systemd-generators, user systemd timers, user systemd services, etc and its mitre attack technique ids. 

No comments:

Post a Comment

Azure Managed Identities (technical service accounts)

Explaination Azure Managed Identities = technical service accounts Password is automatically managed, as it was the case in managed service ...