Often, threat actors will reuse distinct passwords in separate incidents. This allows analysts to provide loose attribution to separate incidents being perpetrated by the same group or individual actor.
attribution by password reuse
0001-01-01
Recent Posts
Linux Persistence: atd
2025-04-01 DFIR CTF linux persistence at atd
Linux Persistence: SSH
2025-03-29 DFIR CTF SSH hardening hunting persistence linux persistence hunting hardening SSH PAM