Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Catching Linux Post-Exploitation with Auditd

BSidesLV via YouTube

Start learning Write review
Corporate Finance Institute Ad

35% Off Finance Skills That Get You Hired - Code CFI35

Learn More → Coursera Ad

Gain a Splash of New Skills - Coursera+ Annual Nearly 45% Off

Learn More →

Overview

Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore Linux post-exploitation detection using Auditd in this 22-minute conference talk from BSidesLV 2015. Delve into the motivations behind Auditd, its background, and key components such as system calls and audit rules. Learn about example configurations, file watch roles, and reporting examples. Examine an attack scenario, including setup, execve results, false positives, and post-behavior solutions. Gain insights into effective Linux security monitoring and threat detection techniques.

Syllabus

Intro
Why Auditd
Motivation
Background
Outline
System Calls
Julia Evans zine
Open call
Addie
Addie History
Oddity
Audit Rules
Example Configuration
File Watch Role
Reporting Example
Attack Scenario
Attack Setup
execve
results
false positives
post behavior
solutions
questions

Taught by

BSidesLV

Reviews

Start your review of Catching Linux Post-Exploitation with Auditd

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.