Linux Detection Engineering - A sequel on persistence mechanisms

Overview

In the third part of the Linux Detection Engineering series, I explore more advanced Linux persistence techniques. This part builds on the previous persistence post, "Linux Detection Engineering - A Primer on Persistence Mechanisms", and aims to give defenders and security researchers a more comprehensive understanding of Linux persistence. With the help of PANIX, a Linux persistence tool I developed, we will simulate each technique, analyze the resulting logs and identify detection opportunities. By the end, you will have practical insight into both basic and more complex persistence mechanisms.

Are you interested in this research? The full paper is available at Elastic Security Labs!