Detecting Common Attackers/Threats Persistence Methods On Your Ubuntu Server
2025-08-13, Main Hall

Once an attacker gains access to your Ubuntu server, their next goal is clear: stay undetected and maintain control. This session explores the most common persistence techniques used by threat actors and malware on Ubuntu-based systems — and, more importantly, how to detect and disrupt them.
I will cover a range of attacker techniques, including bash profile abuse, LD_PRELOAD, systemd implants, SSH backdoors, web shells, cron job abuse, etc.
Whether you're a system administrator, a SOC analyst, or a security-conscious developer, this talk will give you practical insight to spot attacker footprint

Tahaa Farooq is a cybersecurity researcher with almost 5 years of experience. He has uncovered 3 CVEs verified by NIST. He also holds the following certifications: eJPT, OSCC, OSCP, OSWP, OSDA, OSWA, CRTO, OSEP.