Recent Posts
Linux Persistence: atd
2025-04-01 DFIR CTF linux persistence at atd
Linux Persistence: atd and at Jobs On Linux and Unix-like systems, the atd daemon allows users to schedule one-time command execution. It is similar ... Read More
Linux Persistence: SSH
2025-03-29 DFIR CTF SSH hardening hunting persistence linux persistence hunting hardening SSH PAM
Linux Persistence: SSH This is a long-form blog post about methods attackers use to achieve persistence by leveraging SSH on Linux and Unix-like ... Read More
Linux Hardening: SSH
2025-03-06 DFIR SSH hardening linux hardening SSH PAM
Introduction This is a basic guide to hardening OpenSSH systems with a focus on Debian and Ubuntu systems. Most of these settings will also work on ... Read More
Linux Anti-Forensics: Timestomping
2025-03-05 DFIR linux anti-forensics
What is Timestomping? Timestomping is an anti-forensics technique used to modify the timestamps of files on the file system, allowing attackers to ... Read More
Finding Bad with Linux Package Managers
2025-03-03 DFIR linux persistence
Full-disclosure: I wrote about this on my previous blog https://dmfrsecurity.com/2020/02/25/finding-bad-with-package-managers/ and most of the content ... Read More
Linux Persistence: Startup Scripts
2024-11-10 DFIR CTF linux persistence systemd SysV init startup script
Introduction A vital feature required by most operating systems is the ability to run programs and scripts when the machine is booted, rebooted, or ... Read More
Linux Persistence: Cron
2024-11-10 DFIR CTF linux persistence cron
Introduction to Cron Persistence A very common tactic for persistence is to use the cron daemon. Cron is a service found on Linux and Unix-like ... Read More
Linux Persistence: User Accounts
2021-06-27 DFIR linux persistence
Overview Using the existing logon facilities on a *nix host is a popular and straightforward method used by attackers to persist on a system. Once an ... Read More