analyzing-persistence-mechanisms-in-linux

Installation
SKILL.md

Analyzing Persistence Mechanisms in Linux

Overview

Adversaries establish persistence on Linux systems through crontab jobs, systemd service/timer units, LD_PRELOAD library injection, shell profile modifications (.bashrc, .profile), SSH authorized_keys backdoors, and init script manipulation. This skill scans for all known persistence vectors, checks file timestamps and integrity, and correlates findings with auditd logs to build a timeline of persistence installation.

When to Use

  • When investigating security incidents that require analyzing persistence mechanisms in linux
  • When building detection rules or threat hunting queries for this domain
  • When SOC analysts need structured procedures for this analysis type
  • When validating security monitoring coverage for related attack techniques

Prerequisites

Installs
186
GitHub Stars
24.2K
First Seen
Mar 15, 2026
analyzing-persistence-mechanisms-in-linux — mukul975/anthropic-cybersecurity-skills