Persistence as a security boundary should be a goal of all modern operating systems. When breaking down costs/time spent during redteam ops, gaining persistence on integrity protect partitions is a top cost driver for attackershttps://twitter.com/lorenzofb/status/1229798896051904512 …
-
-
I mean you do have a point where the attack originated on the end target. In other scenarios, losing persistence on a foothold you are pivoting from to a broad network compromise is an actual cost driver.
-
I'm pretty skeptical there's any benefit. If today's playbook assumes persistence is trivial, then sure, there's a one-time cost to re-tool when that changes, but that's true of lots of low-quality mitigations...
- 27 more replies
New conversation -
-
-
Which is worse, "The baddies stole stuff from this computer once", or "The baddies stole stuff from this computer once and now you have to trash it as it's never trustable again"
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
