/tags/persistence/ Recent content in Persistence on Vanilla InfoSec Hugo -- gohugo.io en Thu, 04 Sep 2025 00:00:00 +0000 /posts/rust-malware-development---linux-keylogger/ Thu, 04 Sep 2025 00:00:00 +0000 /posts/rust-malware-development---linux-keylogger/ Overview Keyloggers remain a valid TTP for offering deep insight into user behavior. I wanted to write one in Rust aiming for a binary that was memory-safe and efficient (I’m really just learning Rust because it’s trendy and my coworkers like using it). We will be leveraging the evdev interface — the Linux kernel’s raw input event device system. This gives us direct, low-noise access to keystroke events from /dev/input/event* /posts/establishing-persistent-remote-access-to-linux-systems---systemd-backdoor-services/ Wed, 03 Sep 2025 00:00:00 +0000 /posts/establishing-persistent-remote-access-to-linux-systems---systemd-backdoor-services/ Overview Systemd services are the standard means for managing persistent processes in most modern Linux distributions. Because services start automatically with the system during the init sequence, adversaries often abuse them for persistent access to target systems. A stealthy backdoor service may masquerade itself as a legitimate system component and launch attacker-controlled payloads at boot. This enables hackers with the opportunity to re-enter an environment if something does not go according to plan.