Update Linux - Persistence.md
parent
734bb7ce98
commit
f1d55a132a
|
@ -13,6 +13,7 @@
|
|||
* [Backdooring the APT](#backdooring-the-apt)
|
||||
* [Backdooring the SSH](#backdooring-the-ssh)
|
||||
* [Tips](#tips)
|
||||
* [Adicional Linux Persistence Options](#Adicional-Persistence-Options)
|
||||
* [References](#references)
|
||||
|
||||
|
||||
|
@ -180,6 +181,33 @@ The following directories are temporary and usually writeable
|
|||
/tmp/
|
||||
/dev/shm/
|
||||
```
|
||||
## Adicional Persistence Options
|
||||
|
||||
* [SSH Authorized Keys](https://attack.mitre.org/techniques/T1098/004)
|
||||
* [Compromise Client Software Binary](https://attack.mitre.org/techniques/T1554)
|
||||
* [Create Account](https://attack.mitre.org/techniques/T1136/)
|
||||
* [Create Account: Local Account](https://attack.mitre.org/techniques/T1136/001/)
|
||||
* [Create or Modify System Process](https://attack.mitre.org/techniques/T1543/)
|
||||
* [Create or Modify System Process: Systemd Service](https://attack.mitre.org/techniques/T1543/002/)
|
||||
* [Event Triggered Execution: Trap](https://attack.mitre.org/techniques/T1546/005/)
|
||||
* [Event Triggered Execution](https://attack.mitre.org/techniques/T1546/)
|
||||
* [Event Triggered Execution: .bash_profile and .bashrc](https://attack.mitre.org/techniques/T1546/004/)
|
||||
* [External Remote Services](https://attack.mitre.org/techniques/T1133/)
|
||||
* [Hijack Execution Flow](https://attack.mitre.org/techniques/T1574/)
|
||||
* [Hijack Execution Flow: LD_PRELOAD](https://attack.mitre.org/techniques/T1574/006/)
|
||||
* [Pre-OS Boot](https://attack.mitre.org/techniques/T1542/)
|
||||
* [Pre-OS Boot: Bootkit](https://attack.mitre.org/techniques/T1542/003/)
|
||||
* [Scheduled Task/Job](https://attack.mitre.org/techniques/T1053/)
|
||||
* [Scheduled Task/Job: At (Linux)](https://attack.mitre.org/techniques/T1053/001/)
|
||||
* [Scheduled Task/Job: Cron](https://attack.mitre.org/techniques/T1053/003/)
|
||||
* [Server Software Component](https://attack.mitre.org/techniques/T1505/)
|
||||
* [Server Software Component: SQL Stored Procedures](https://attack.mitre.org/techniques/T1505/001/)
|
||||
* [Server Software Component: Transport Agent](https://attack.mitre.org/techniques/T1505/002/)
|
||||
* [Server Software Component: Web Shell](https://attack.mitre.org/techniques/T1505/003/)
|
||||
* [Traffic Signaling](https://attack.mitre.org/techniques/T1205/)
|
||||
* [Traffic Signaling: Port Knocking](https://attack.mitre.org/techniques/T1205/001/)
|
||||
* [Valid Accounts: Default Accounts](https://attack.mitre.org/techniques/T1078/001/)
|
||||
* [Valid Accounts: Domain Accounts 2](https://attack.mitre.org/techniques/T1078/002/)
|
||||
|
||||
## References
|
||||
|
||||
|
@ -187,4 +215,4 @@ The following directories are temporary and usually writeable
|
|||
* [https://blogs.gnome.org/muelli/2009/06/g0t-r00t-pwning-a-machine/](https://blogs.gnome.org/muelli/2009/06/g0t-r00t-pwning-a-machine/)
|
||||
* [http://turbochaos.blogspot.com/2013/09/linux-rootkits-101-1-of-3.html](http://turbochaos.blogspot.com/2013/09/linux-rootkits-101-1-of-3.html)
|
||||
* [http://www.jakoblell.com/blog/2014/05/07/hacking-contest-rootkit/](http://www.jakoblell.com/blog/2014/05/07/hacking-contest-rootkit/)
|
||||
* [Pouki from JDI](#no_source_code)
|
||||
* [Pouki from JDI](#no_source_code)
|
||||
|
|
Loading…
Reference in New Issue