Daniel Roberson - user account persistence

Posts
About
Notes
Projects
Posts

About

Notes

Projects

user account persistence

0001-01-01

Malware and threat actors may use user accounts as a form of persistence.

This may involve using an existing account without modification in the event of stolen credentials, modifying an existing account, or adding a new account.

Links to this note

anatomyofreallinuxintrusion-alonso2016
hiddenwasp-intezer2019
hilde user
trackingteamtnt-fiser2021

user account persistence

0001-01-01

Links to this note

Recent Posts

Linux Hardening: SSH

2025-03-06 DFIR SSH hardening linux hardening SSH PAM

Linux Anti-Forensics: Timestomping

2025-03-05 DFIR linux anti-forensics

Finding Bad with Linux Package Managers

2025-03-03 DFIR linux persistence

Linux Persistence: Startup Scripts

2024-11-10 DFIR CTF linux persistence systemd SysV init startup script

Linux Persistence: Cron

2024-11-10 DFIR CTF linux persistence cron