Linux Detection Engineering - A primer on persistence mechanisms

Overview

In this second installment of the Linux Detection Engineering series, I delve into Linux persistence mechanisms, exploring both common and complex techniques to enhance the knowledge of defenders and security researchers. I examine how these persistence methods operate, how to set them up, and most importantly, how to detect and hunt for them effectively. With the help of PANIX, a Linux persistence tool I developed, I’ll demonstrate practical examples and detection strategies, ensuring you gain a solid understanding of these crucial techniques. Let's dive into the world of Linux persistence!

Are you interested in this research? The full paper is available at Elastic Security Labs!