In the context of malware, persistence is the ability of malicious code to survive after the exploited component is terminated or the system is rebooted.
Links to this note
- diamorpinecryptominer-anyrun2025
- bootkitty-vijayan2024
- Linux Persistence: Rootkits
- artoflinuxkernelrootkit-tmpout4-matheuzsec_humzak711
- Linux Persistence: Processes
- unveilingsedexp-reichert2024
- bootkit
- gettinganattackeripaddressfromamaliciousatjob-rowland2019
- toroiseandthemalwahare-pwc2023
- defendingagainstmaliciousshims-pierce2015
- hiddenwasp-intezer2019
- sliverintro-malone2023
- trackingteamtnt-fiser2021
- unpacking diicot-tikochinski2024
- unveiling wolfsbane-sperka2024
- hiddenkernelmodulesextremwayreborn_g1inko2024
- hackingteamwriteup-fisher2016
- chaos-blacklotuslabs2022
- chaos-lang2023
- noabot-constantin2024
- evadingedr-hand2024
- Autoruns
- borges2021
- post-exploitation
- most observed sshd backdoors shared the same rough feature set
- falseflags-kaspersky2017
- sansec-cronrat
- Process Injection
- .profile persistence
- /etc/ld.so.preload persistence
- bashrc used for persistence
- crontab persistence
- hilde user
- malware setting files as immutable or append only
- persistence mechanism
- rc script persistence
- replaces pam_unix.so with a malicious copy
- Skidmap malware
- SSH key persistence
- sudoers README file persistence
- systemd service persistence
- tiered persistence
- user account persistence
- web shell