Linux Persistence: Modular Software

2025-04-17 DFIR CTF persistence linux persistence apache asterisk

How attackers can persist on Linux systems using modular or extensible software--and what to do about it.

Linux Persistence: atd

2025-04-01 DFIR CTF linux persistence at atd

How attackers abuse the atd scheduling system for persistence, with detection and hardening tips for defenders.

Linux Persistence: SSH

2025-03-29 DFIR CTF SSH hardening hunting persistence linux persistence hunting hardening SSH PAM

Covers techniques for maintaining access to Linux systems via SSH, including key-based persistence and agent abuse, along with detection and hardening strategies for defenders.

Linux Persistence: Cron

2024-11-10 DFIR CTF linux persistence cron

How cron jobs are abused for persistence on Linux systems, including common techniques, detection methods, and mitigation tips.

Linux Persistence: Startup Scripts

2024-11-10 DFIR CTF linux persistence systemd SysV init startup script

Details how attackers leverage Linux startup scripts for persistence, with examples from rc files and init systems, along with detection strategies.