YoVDO

Catching Linux Post-Exploitation with Auditd

Offered By: BSidesLV via YouTube

Tags

Security BSides Courses Cybersecurity Courses System Calls Courses Linux Security Courses

Course Description

Overview

Explore Linux post-exploitation detection using Auditd in this 22-minute conference talk from BSidesLV 2015. Delve into the motivations behind Auditd, its background, and key components such as system calls and audit rules. Learn about example configurations, file watch roles, and reporting examples. Examine an attack scenario, including setup, execve results, false positives, and post-behavior solutions. Gain insights into effective Linux security monitoring and threat detection techniques.

Syllabus

Intro
Why Auditd
Motivation
Background
Outline
System Calls
Julia Evans zine
Open call
Addie
Addie History
Oddity
Audit Rules
Example Configuration
File Watch Role
Reporting Example
Attack Scenario
Attack Setup
execve
results
false positives
post behavior
solutions
questions


Taught by

BSidesLV

Related Courses

操作系统原理(Operating Systems)
Peking University via Coursera Operating System
Indian Institute of Technology Delhi via Swayam Linux kernel Module and driver Programming for x86
Udemy Architecture 2001: x86-64 OS Internals
OpenSecurityTraining2 via Independent Socket Programming in C
Udemy