Persistence as a security boundary should be a goal of all modern operating systems. When breaking down costs/time spent during redteam ops, gaining persistence on integrity-protected partitions is a top cost driver for attackers https://twitter.com/lorenzofb/status/1229798896051904512 …
What do you mean by retool in this case? Find a new method to achieve persistence or change approach to not assume persistence?
It doesn't seem like much more than a minor inconvenience, so just changing approach. We're on the same page that making "persistence" hard means an attacker has a full chain, but after reboot the device is in a known-good state, and attacker can just re-compromise?
Well. I have to disagree on the minimal cost. I know a guy who hacked a box that got rebuilt hourly. He couldn’t move deeper in the time frame available and after the third or fourth loss of access, he gave up in frustration. He was bitter for years
