Attackers may add configuration to /etc/sudoers.d/README as a persistence mechanism. The idea is that the file is supposed to be there, so it is unlikely to be scrutinized by a defender.
sudoers README file persistence
0001-01-01
Recent Posts
Linux Persistence: Startup Scripts
2024-11-10 DFIR CTF linux persistence systemd SysV init startup script
Linux Persistence: Cron
2024-11-10 DFIR CTF linux persistence cron
Linux Persistence: User Accounts
2021-06-27 DFIR linux persistence