0xMatheuZ / red team notes / offensive security research / pentest

0xMatheuZ

Red Team Operator, Offensive Security Researcher, and Pentester

Linux-focused offensive security research, evasion notes, pentest experiments, and post-exploitation write-ups.


Recent posts

Research notes

Technical write-ups on red team operations, offensive security research, Linux internals, persistence, and detection-aware offense.

Linux Threat Hunting Persistence

Hello everyone, welcome to this post, where I will cover the topic “Linux Threat Hunting Persistence”. The objective of this post is to learn how to hunt for persistence on Linux machines without using paid tools or frameworks, relying only on tools that are already available (open source) for anyone to download and use, together with Linux’s own built-in resources. Below is what we will cover in this post. ...

#Persistence

Red Team Tactics: Evading EDR on Linux with io_uring

Full source: https://github.com/MatheuZSecurity/RingReaper

Table of Contents
Introduction
What is io_uring?
The Agent
Code Analysis
How Does the EDR Typically Fail Here?
Practical EDR Bypass
Python C2 Server Flow
Defensive Reflections
Conclusion

Introduction
Each year, new security solutions emerge to protect Linux systems against increasingly sophisticated threats. Technologies such as EDR (Endpoint Detection and Response) evolve rapidly, making the work of an attacker more challenging. We, as red teamers, need to stay one step ahead, seeking to understand not only the defenses, but also how to creatively circumvent them. ...

#Red Team