Persistence in the context of malware refers to the ability of malicious code to survive after the exploited component is terminated or the system is rebooted.
Links to this note
- trackingteamtnt-fiser2021
- hackingteamwriteup-fisher2016
- chaos-blacklotuslabs2022
- noabot-constantin2024
- borges2021
- falseflags-kaspersky2017
- sansec-cronrat
- .profile persistence
- /etc/ld.so.preload persistence
- Autoruns
- bashrc used for persistence
- chaos-lang2023
- crontab persistence
- defendingagainstmaliciousshims-pierce2015
- evadingedr-hand2024
- gettinganattackeripaddressfromamaliciousatjob-rowland2019
- hiddenkernelmodulesextremwayreborn_g1inko2024
- hiddenwasp-intezer2019
- hilde user
- malware setting files as immutable or append only
- most observed sshd backdoors shared the same rough feature set
- persistence mechanism
- post-exploitation
- Process Injection
- rc script persistence
- replaces pam_unix.so with a malicious copy
- Skidmap malware
- sliverintro-malone2023
- SSH key persistence
- sudoers README file persistence
- systemd service persistence
- tiered persistence
- toroiseandthemalwahare-pwc2023
- unpacking diicot-tikochinski2024
- unveiling wolfsbane-sperka2024
- user account persistence
- web shell