Detecting Common Attackers/Threats Persistence Methods On Your Ubuntu Server
Abstract
Once an attacker gains access to your Ubuntu server, their next goal is clear: stay undetected and maintain control. This session explores the most common persistence techniques used by threat actors and malware on Ubuntu-based systems — and, more importantly, how to detect and disrupt them.
Whether you're a sysadmin, a SOC analyst, or a developer, this talk will give you insights to spot attacker
Description
Once an attacker gains access to your Ubuntu server, their next goal is clear: stay undetected and maintain control. This session explores the most common persistence techniques used by threat actors and malware on Ubuntu-based systems — and, more importantly, how to detect and disrupt them.
I will cover a range of attacker techniques, including bash profile abuse, LD_PRELOAD, systemd implants, SSH backdoors, web shells, cron job abuse, etc.
Whether you're a system administrator, a SOC analyst, or a security-conscious developer, this talk will give you practical insight to spot attacker footprint