
- Hunting for Persistence in Linux - SecTalks SYD0x4D (77th) TikTok, Sydney, AL
# Presentation: Hunting for Persistence in Linux
This talk explores methods attackers might use to maintain persistent access to a compromised Linux system. It goes through persistence techniques mentioned in the MITRE framework, showing concrete ways an attacker can implement each one and what a defender can do to detect it.
This will be based on work I've already published in my personal blog:
- https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/
- https://pberba.github.io/security/2021/11/23/linux-threat-hunting-for-persistence-account-creation-manipulation/
- https://pberba.github.io/security/2022/01/30/linux-threat-hunting-for-persistence-systemd-timers-cron/
- https://pberba.github.io/security/2022/02/06/linux-threat-hunting-for-persistence-initialization-scripts-and-shell-configuration/
- https://pberba.github.io/security/2022/02/07/linux-threat-hunting-for-persistence-systemd-generators/
by Pepe Berba (@pberba)
Currently a security engineer in Canva in the Threat Detection and Hunting team. I've worked in security for 4 years and previously worked in machine learning in a data science consultancy for 2 years.
# Sponsors
- Google (https://careers.google.com)
- SecDim (https://play.secdim.com)
- TikTok (https://www.tiktok.com/@tiktok_australia)
# Notes
- For sponsoring SecTalks Sydney, contact sydney@sectalks.org
- To speak at SecTalks, fill out https://j.mp/sectalkscfp