Daniel Roberson

Security Research

Daniel's Web Page

A blog about security research, technology, and hacking.

Recent Posts

Linux Persistence: atd

2025-04-01 DFIR CTF linux persistence at atd

Linux Persistence: atd and at Jobs On Linux and Unix-like systems, the atd daemon allows users to schedule one-time command execution. It is similar ... Read More

Linux Persistence: SSH

2025-03-29 DFIR CTF SSH hardening hunting persistence linux persistence hunting hardening SSH PAM

Linux Persistence: SSH This is a long-form blog post about methods attackers use to achieve persistence by leveraging SSH on Linux and Unix-like ... Read More

Linux Hardening: SSH

2025-03-06 DFIR SSH hardening linux hardening SSH PAM

Introduction This is a basic guide to hardening OpenSSH systems with a focus on Debian and Ubuntu systems. Most of these settings will also work on ... Read More

Linux Anti-Forensics: Timestomping

2025-03-05 DFIR linux anti-forensics

What is Timestomping? Timestomping is an anti-forensics technique used to modify the timestamps of files on the file system, allowing attackers to ... Read More

Finding Bad with Linux Package Managers

2025-03-03 DFIR linux persistence

Full-disclosure: I wrote about this on my previous blog https://dmfrsecurity.com/2020/02/25/finding-bad-with-package-managers/ and most of the content ... Read More

Linux Persistence: Startup Scripts

2024-11-10 DFIR CTF linux persistence systemd SysV init startup script

Introduction A vital feature required by most operating systems is the ability to run programs and scripts when the machine is booted, rebooted, or ... Read More

Linux Persistence: Cron

2024-11-10 DFIR CTF linux persistence cron

Introduction to Cron Persistence A very common tactic for persistence is to use the cron daemon. Cron is a service found on Linux and Unix-like ... Read More

Linux Persistence: User Accounts

2021-06-27 DFIR linux persistence

Overview Using the existing logon facilities on a *nix host is a popular and straightforward method used by attackers to persist on a system. Once an ... Read More