Recent Posts
Linux Persistence: Modular Software
2025-04-17 DFIR CTF persistence linux persistence apache asterisk
How attackers can persist on Linux systems using modular or extensible software--and what to do about it. Read More
Linux Persistence: Web Shells
2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP
How attackers maintain access to Linux systems using web shells, plus practical advice on prevention and detection strategies. Read More
Linux Persistence: Rootkits
2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking
Explore how rootkits provide stealthy persistence on Linux systems, with practical strategies to detect and prevent them. Read More
Linux Persistence: Processes
2025-04-11 DFIR persistence processes linux persistence processes
Learn how attackers use malicious or hidden processes to persist on Linux systems, and how to detect and investigate them effectively. Read More
Defanging Linux LKM Rootkits With cleanup_module()
2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit
Demonstrates how to forcibly unhook Linux kernel rootkits (and some EDR products) by calling their cleanup_module() function. Read More
Linux Persistence: atd
2025-04-01 DFIR CTF linux persistence at atd
How attackers abuse the atd scheduling system for persistence, with detection and hardening tips for defenders. Read More
Linux Persistence: SSH
2025-03-29 DFIR CTF SSH hardening hunting persistence linux persistence hunting hardening SSH PAM
Covers techniques for maintaining access to Linux systems via SSH, including key-based persistence, agent abuse, along with detection and hardening strategies for defenders. Read More
Linux Hardening: SSH
2025-03-06 DFIR SSH hardening linux hardening SSH PAM
Practical SSH hardening strategies for Linux systems, including secure configurations, key management, and attack surface reduction. Read More