Threat hunting based on MITRE Tactic Persistence on Linux systems

Abstract

In the realm of cybersecurity, identifying and mitigating persistent threats on Linux systems is a paramount challenge. As organisations increasingly rely on Linux environments for critical operations, the need to proactively hunt for potential threats becomes imperative. Persistent threats, often designed to evade traditional security measures, pose a significant risk to the integrity and confidentiality of sensitive information. The existing threat landscape necessitates a specialised approach that goes beyond conventional security measures. The challenge lies in devising a comprehensive 16 threat hunting methodology tailored to Linux systems, specifically addressing the intricacies of adversary persistence techniques. This Capstone Project aims to bridge this gap by developing a sophisticated threat hunting system capable of detecting and neutralising threats aligned with MITRE's Persistence tactic on Linux platforms. The proposed solution will delve into the nuanced behaviours and tactics employed by adversaries seeking to maintain a persistent foothold within Linux environments. By aligning with MITRE's framework, the project endeavours to enhance the organisation's ability to preemptively identify and counteract these persistent threats, fortifying the security posture of Linux systems. Key aspects of the problem include the dynamic and evolving nature of cyber threats, the diversity of Linux-based infrastructure across organisations, and the need for a proactive, intelligence-driven threat hunting approach. The project will address these challenges by leveraging MITRE's extensive knowledge base and creating a specialised methodology for detecting and responding to persistent threats on Linux systems.