Daniel Roberson

Security Research

Daniel's Web Page

A blog about security research, technology, and hacking.

Recent Posts

Linux Persistence: Modular Software

2025-04-17 DFIR CTF persistence linux persistence apache asterisk

How attackers can persist on Linux systems using modular or extensible software, and what to do about it.

Linux Persistence: Web Shells

2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP

How attackers maintain access to Linux systems using web shells, plus practical advice on prevention and detection strategies.

Linux Persistence: Rootkits

2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking

Explore how rootkits provide stealthy persistence on Linux systems, with practical strategies to detect and prevent them.

Linux Persistence: Processes

2025-04-11 DFIR persistence processes linux persistence processes

Learn how attackers use malicious or hidden processes to persist on Linux systems, and how to detect and investigate them effectively.

Defanging Linux LKM Rootkits With cleanup_module()

2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit

Demonstrates how to forcibly unhook Linux kernel rootkits (and some EDR products) by calling their cleanup_module() function.

Linux Persistence: atd

2025-04-01 DFIR CTF linux persistence at atd

How attackers abuse the atd scheduling system for persistence, with detection and hardening tips for defenders.

Linux Persistence: SSH

2025-03-29 DFIR CTF SSH hardening hunting persistence linux persistence hunting hardening SSH PAM

Covers techniques for maintaining access to Linux systems via SSH, including key-based persistence and agent abuse, along with detection and hardening strategies for defenders.

Linux Hardening: SSH

2025-03-06 DFIR SSH hardening linux hardening SSH PAM

Practical SSH hardening strategies for Linux systems, including secure configurations, key management, and attack surface reduction.