Hunting for Persistence in Linux
# https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/
# https://pberba.github.io/security/2021/11/23/linux-threat-hunting-for-persistence-account-creation-manipulation/
#blueteam #redteam #DFIR #security
# https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/
# https://pberba.github.io/security/2021/11/23/linux-threat-hunting-for-persistence-account-creation-manipulation/
#blueteam #redteam #DFIR #security
pepe berba
Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery (and Webshells)
An introduction to monitoring and logging in linux to look for persistence.
👍1
Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign
StellarParticle, an adversary campaign associated with COZY BEAR, was active throughout 2021 leveraging novel tactics and techniques in supply chain attacks observed by CrowdStrike incident responders
https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/
#threatintel #dfir #blueteam #malware
StellarParticle, an adversary campaign associated with COZY BEAR, was active throughout 2021 leveraging novel tactics and techniques in supply chain attacks observed by CrowdStrike incident responders
https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/
#threatintel #dfir #blueteam #malware