Persistence as a security boundary should be a goal of all modern operating systems. When breaking down costs/time spent during redteam ops, gaining persistence on integrity protected partitions is a top cost driver for attackers https://twitter.com/lorenzofb/status/1229798896051904512 …
This still makes no sense. Unless you are proposing rolling hourly reboots, then you need to be detected before taking action and resetting to a known good state, right?
-
Not proposing hourly reboots :) But some device classes (phones, for example) do get restarted more than others (old-school monolithic web servers).
-
Sure, perhaps weekly maybe daily at a stretch, isn't being compromised that long bad enough? I know I wouldn't feel much better if you told me an attacker had kernel code exec, but only for a few days!
