From f1d55a132abdb849d7ff9f745c6dcc946c32503a Mon Sep 17 00:00:00 2001 From: zero77 Date: Wed, 2 Sep 2020 09:43:25 +0000 Subject: [PATCH] Update Linux - Persistence.md --- .../Linux - Persistence.md | 30 ++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/Methodology and Resources/Linux - Persistence.md b/Methodology and Resources/Linux - Persistence.md index 7007e2c..8d7af18 100644 --- a/Methodology and Resources/Linux - Persistence.md +++ b/Methodology and Resources/Linux - Persistence.md @@ -13,6 +13,7 @@ * [Backdooring the APT](#backdooring-the-apt) * [Backdooring the SSH](#backdooring-the-ssh) * [Tips](#tips) +* [Adicional Linux Persistence Options](#Adicional-Persistence-Options) * [References](#references) 
@@ -180,6 +181,33 @@ The following directories are temporary and usually writeable /tmp/ /dev/shm/ ``` +## Adicional Persistence Options + +* [SSH Authorized Keys](https://attack.mitre.org/techniques/T1098/004) +* [Compromise Client Software Binary](https://attack.mitre.org/techniques/T1554) +* [Create Account](https://attack.mitre.org/techniques/T1136/) +* [Create Account: Local Account](https://attack.mitre.org/techniques/T1136/001/) +* [Create or Modify System Process](https://attack.mitre.org/techniques/T1543/) +* [Create or Modify System Process: Systemd Service](https://attack.mitre.org/techniques/T1543/002/) +* [Event Triggered Execution: Trap](https://attack.mitre.org/techniques/T1546/005/) +* [Event Triggered Execution](https://attack.mitre.org/techniques/T1546/) +* [Event Triggered Execution: .bash_profile and .bashrc](https://attack.mitre.org/techniques/T1546/004/) +* [External Remote Services](https://attack.mitre.org/techniques/T1133/) +* [Hijack Execution Flow](https://attack.mitre.org/techniques/T1574/) +* [Hijack Execution Flow: LD_PRELOAD](https://attack.mitre.org/techniques/T1574/006/) +* [Pre-OS Boot](https://attack.mitre.org/techniques/T1542/) +* [Pre-OS Boot: Bootkit](https://attack.mitre.org/techniques/T1542/003/) +* [Scheduled Task/Job](https://attack.mitre.org/techniques/T1053/) +* [Scheduled Task/Job: At (Linux)](https://attack.mitre.org/techniques/T1053/001/) +* [Scheduled Task/Job: Cron](https://attack.mitre.org/techniques/T1053/003/) +* [Server Software Component](https://attack.mitre.org/techniques/T1505/) +* [Server Software Component: SQL Stored Procedures](https://attack.mitre.org/techniques/T1505/001/) +* [Server Software Component: Transport Agent](https://attack.mitre.org/techniques/T1505/002/) +* [Server Software Component: Web Shell](https://attack.mitre.org/techniques/T1505/003/) +* [Traffic Signaling](https://attack.mitre.org/techniques/T1205/) +* [Traffic Signaling: Port 
Knocking](https://attack.mitre.org/techniques/T1205/001/) +* [Valid Accounts: Default Accounts](https://attack.mitre.org/techniques/T1078/001/) +* [Valid Accounts: Domain Accounts 2](https://attack.mitre.org/techniques/T1078/002/) ## References @@ -187,4 +215,4 @@ The following directories are temporary and usually writeable * [https://blogs.gnome.org/muelli/2009/06/g0t-r00t-pwning-a-machine/](https://blogs.gnome.org/muelli/2009/06/g0t-r00t-pwning-a-machine/) * [http://turbochaos.blogspot.com/2013/09/linux-rootkits-101-1-of-3.html](http://turbochaos.blogspot.com/2013/09/linux-rootkits-101-1-of-3.html) * [http://www.jakoblell.com/blog/2014/05/07/hacking-contest-rootkit/](http://www.jakoblell.com/blog/2014/05/07/hacking-contest-rootkit/) -* [Pouki from JDI](#no_source_code) \ No newline at end of file +* [Pouki from JDI](#no_source_code)
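Review bot: In the table-of-contents hunk, the added entry `* [Adicional Linux Persistence Options](#Adicional-Persistence-Options)` has three problems. "Adicional" should be spelled "Additional". The link text says "Linux Persistence Options" while the heading added further down is "Adicional Persistence Options", so the two do not match. The anchor is capitalised, whereas the neighbouring entries (`#backdooring-the-apt`, `#backdooring-the-ssh`, `#tips`) are all lowercase. Suggest `* [Additional Persistence Options](#additional-persistence-options)` and renaming the heading to match.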
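Review bot: In the hunk that adds the `## Adicional Persistence Options` section, the heading repeats the "Adicional" misspelling and the last entry carries a stray digit in its link text, `[Valid Accounts: Domain Accounts 2]`, which should read "Valid Accounts: Domain Accounts". The ordering is also inconsistent: `Event Triggered Execution: Trap` is listed before its parent `Event Triggered Execution`, while every other parent technique precedes its sub-techniques, and `SSH Authorized Keys` appears without the parent-technique prefix the other sub-technique entries use. Two URLs (`T1098/004` and `T1554`) lack the trailing slash that most of the other links have. Finally, the section is a bare list of links with no command or note per item, unlike the rest of the file; a one-line description of how each technique applies on Linux would make the list usable without leaving the page.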