Persistence as a security boundary should be a goal of all modern operating systems. When breaking down costs/time spent during red team ops, gaining persistence on integrity-protected partitions is a top cost driver for attackers. https://twitter.com/lorenzofb/status/1229798896051904512
That doesn't make any sense, attackers already need to avoid detection, and defenders can already reimage and patch or mitigate. This "persistence" thing just seems buzzwordy to me.
Avoiding detection N times is harder than avoiding detection 1 time (especially with N spanning multiple days/weeks/months). An attacker who gets a persistent foothold can prevent patching or create another backdoor, but w/o persistence they need to keep recompromising.
This still makes no sense. Unless you are proposing rolling hourly reboots, then you need to be detected before taking action and resetting to a known good state, right?