crontab persistence
0001-01-01
Malware on Linux and Unix-like systems may install malicious cron jobs as a persistence mechanism. This can occur within a specific user’s crontab file, or the system-wide crontab files.
This kind of persistence is usually installed by appending a line to the affected user’s crontab file or with the crontab command.
This technique is cataloged in MITRE ATT&CK: https://attack.mitre.org/techniques/T1053/003/
Linux Persistence: Modular Software
2025-04-17 DFIR CTF persistence linux persistence apache asterisk
Linux Persistence: Web Shells
2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP
Linux Persistence: Rootkits
2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking
Defanging Linux LKM Rootkits With cleanup_module()
2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit