Popping the Penguin: a beginner’s look at Linux persistence presented at GrrCon 2013

by Mark Kikta,

Summary : Breaking in is half the battle. I’ve talked to so many people whose only objective is to try and break into systems. I get that. It’s awesome, the rush you get when you bring up that shell. But what then what? Ops hardening does not end at the outer shell. Once you’re in, you still have to navigate the maze of files, directories, and permissions that is the Linux file system. This discussion will cover log sanitization, rogue user accounts, utilizing simple netcat commands to create an open port, combining netcat with crontab to create access windows, utilizing /dev/tcp to create a reverse shell, obfuscation to avoid IDS/IPS, and providing examples of these commands at each step of the way. VERY basic previous Linux experience is a bonus but not required. If breaking in is half the battle, staying in wins the war.