Daniel Roberson

Security Research

Daniel's Web Page

A blog about security research, technology, and hacking.

Recent Posts

Linux Persistence: Startup Scripts

2024-11-10 DFIR CTF linux persistence systemd SysV init startup script

Introduction A vital feature required by most operating systems is the ability to run programs and scripts when the machine is booted, rebooted, or ... Read More

Linux Persistence: Cron

2024-11-10 DFIR CTF linux persistence cron

Introduction to Cron Persistence A very common tactic for persistence is to use the cron daemon. Cron is a service found on Linux and Unix-like ... Read More

Linux Persistence: User Accounts

2021-06-27 DFIR linux persistence

Overview Using the existing logon facilities on a *nix host is a popular and straightforward method used by attackers to persist on a system. Once an ... Read More

Review: Adversarial Tradecraft in Cybersecurity

2021-06-15 Reviews CTF

Book notes This is my review of Adversarial Tradecraft in Cybersecurity: Offense versus defense in real-time computer conflict by Dan Borges. I was ... Read More

categories

ctf dfir reviews

series

linux-persistence

tags

anti-analysis cron cryptography ctf encoding init linux malware microsoft ntapi operatingsystems pe persistence startup-script systemd sysv winapi windows yara