Persistence as a security boundary should be a goal of all modern operating systems. When breaking down costs/time spent during redteam ops, gaining persistence on integrity-protected partitions is a top cost driver for attackers https://twitter.com/lorenzofb/status/1229798896051904512 …
-
Yes but that requires the attacker to still have access to the target, which is often not the case.
-
Also gives the victim's defenders a chance to detect each re-compromise (assuming detectable). And gives the victim the chance to patch or otherwise mitigate between each re-compromise (assuming protectable).
-
For one-click or worse exploits that's a concern.. you'd want to persist in the target environment somewhere privileged enough to reinject without click if not the actual target device. You need a bigger inventory of exploits and take the observable risk of attacking environment
-
Not sure I agree, persistence isn't the goal, the attacker wanted something (e.g. access to data). I don't understand the rationale behind "Don't worry, the attacker achieved their goal, but if you reboot they will be slightly inconvenienced!". Well, thanks....?
-
(with caveats and dollar tags around 'just')
