Popping the Penguin - An Introduction to the Principles of Linux Persistence

Explore the principles of Linux persistence in this BSidesLV conference talk. Delve into topics such as log shipping, event correlation, user account manipulation, and mitigation strategies. Learn about netcat, listening ports, reverse connections, and crontab syntax. Discover techniques for input/output redirection, file identification, and execution. Gain insights into IDS/IPS evasion methods and their rationale. Acquire valuable knowledge on wrapping up persistence techniques and implementing effective mitigation measures. Access additional resources to further enhance your understanding of Linux security and persistence mechanisms.

Intro
Why this talk?
Hackers
Logs: Log shipping
Logs: Event Correlation and Mitigation
User accounts: Going Rogue
Iser accounts: /etc/passwd & shadow
User accounts: mitigation
Netcat
Listening ports
Reverse connections
Method 2: Crontab (syntax)
What's the point of all this?
1/0 redirection: output
1/0 redirection: the pipe
1/0 redirection: input
1/0 redirection: identifying files
1/0 redirection: execution
dev/tcp - the command
IDS/IPS evasion: the reason
IDS/IPS evasion: execution
Wrapping it all up: Mitigation
Resources