Tim Brown
### Area
Defensive tools
### Parent threat
Persistence, Defense Evasion
### Finding
https://www.volatilityfoundation.org/releases-vol3
### Industry reference
_No response_
### Malware reference
_No response_
### Actor reference
_No response_
### Component
...
### Area
Offensive techniques
### Parent threat
Persistence
### Finding
http://www.hick.org/code/skape/papers/remote-library-injection.pdf
### Industry reference
_No response_
### Malware reference
_No response_
### Actor reference
_No response_
### Component
Linux
...
### Area
Defensive tools
### Parent threat
_No response_
### Finding
https://izyknows.medium.com/linux-auditd-for-threat-detection-d06c8b941505
### Industry reference
_No response_
### Malware reference
_No response_
### Actor reference
_No response_
### Component
Linux
...
### Area
Defensive tools
### Parent threat
Persistence, Privilege Escalation, Defense Evasion
### Finding
https://grsecurity.net/tetragone_a_lesson_in_security_fundamentals
### Industry reference
_No response_
### Malware reference
_No response_
### Actor reference
_No response_
...
### Area
Defensive tools
### Parent threat
Persistence, Defense Evasion, Credential Access, Command and Control
### Finding
https://github.com/CiscoCXSecurity/presentations/blob/master/Auditd%20for%20the%20newly%20threatened.pdf
### Industry reference
https://github.com/timb-machine/linux-malware/issues/156
https://github.com/timb-machine/linux-malware/issues/418
https://github.com/timb-machine/linux-malware/issues/420
uses:BPF
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
...
### Area
Defensive tools
### Parent threat
_No response_
### Finding
https://github.com/alex-cart/LEAF
### Industry reference
_No response_
### Malware reference
_No response_
### Actor reference
_No response_
### Component
Linux
...
### Area
Offensive tools
### Parent threat
Persistence
### Finding
https://github.com/NixOS/patchelf
### Industry reference
attack:T1574.006:Dynamic Linker Hijacking
### Malware reference
_No response_
### Actor reference
_No response_
### Component
Linux
...
### Area
Defensive tools
### Parent threat
_No response_
### Finding
https://youtu.be/16_EAsYAApI
### Industry reference
_No response_
### Malware reference
_No response_
### Actor reference
_No response_
### Component
Linux
...
### Area
Defensive tools
### Parent threat
Persistence, Defense Evasion, Command and Control
### Finding
https://github.com/snapattack/bpfdoor-scanner
### Industry reference
uses:BPF
attack:T1036:Masquerading
attack:T1070:Indicator Removal on Host
attack:T1205:Traffic Signaling
### Malware reference
...
### Area
Offensive techniques
### Parent threat
Persistence, Defense Evasion
### Finding
https://2018.zeronights.ru/wp-content/uploads/materials/09-ELF-execution-in-Linux-RAM.pdf
### Industry reference
attack:T1620:Reflective Code Loading
### Malware reference
_No response_
### Actor reference
_No response_
...