Linux Persistence: Modular Software
2025-04-17 DFIR CTF persistence linux persistence apache asterisk
How attackers can persist on Linux systems using modular or extensible software, and what to do about it.
Linux Persistence: Web Shells
2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP
How attackers maintain access to Linux systems using web shells, plus practical advice on prevention and detection strategies.
Linux Persistence: Rootkits
2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking
Explore how rootkits provide stealthy persistence on Linux systems, with practical strategies to detect and prevent them.
Linux Persistence: Processes
2025-04-11 DFIR persistence processes linux persistence processes
Learn how attackers use malicious or hidden processes to persist on Linux systems, and how to detect and investigate them effectively.
Linux Persistence: atd
2025-04-01 DFIR CTF linux persistence at atd
How attackers abuse the atd scheduling system for persistence, with detection and hardening tips for defenders.
Linux Persistence: SSH
2025-03-29 DFIR CTF SSH hardening hunting persistence linux persistence hunting hardening SSH PAM
Covers techniques for maintaining access to Linux systems via SSH, including key-based persistence and agent abuse, along with detection and hardening strategies for defenders.
Finding Bad with Linux Package Managers
2025-03-03 DFIR linux persistence
Learn how to hunt for malicious or unauthorized software on Linux systems using package managers like apt, dpkg, and RPM.
Linux Persistence: Cron
2024-11-10 DFIR CTF linux persistence cron
How cron jobs are abused for persistence on Linux systems, including common techniques, detection methods, and mitigation tips.
Linux Persistence: Startup Scripts
2024-11-10 DFIR CTF linux persistence systemd SysV init startup script
Details how attackers leverage Linux startup scripts for persistence, with examples from rc files and init systems, along with detection strategies.
Linux Persistence: User Accounts
2021-06-27 DFIR linux persistence
Explore how attackers create or abuse user accounts for persistence on Linux systems, with tips for auditing and detection.