Created
August 30, 2023 02:13
-
-
Save subfission/55c9bbe28054f7b47d07996d3da8b8db to your computer and use it in GitHub Desktop.
Revisions
-
subfission created this gist
Aug 30, 2023 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,38 @@ # Persistence Methods Various persistence methods that can be investigated. SHA Checksum Command (MAC OS) ``` shasum -a 512 FILE ``` References * https://theevilbit.github.io/categories/persistence/ * https://github.com/kcrawford/dockutil ### Dock Persitance ``` plutil -p Library/Preferences/com.apple.dock.plist ``` Check out dockutil for free plist dock editing resource. ### Auditd Shell Script ``` grep -v '^#' /etc/security/audit_warn ``` Script triggered by `sudo audit -n` command. ### Man Path ``` grep -v '^#' /private/etc/man.conf ``` ### SHA Hashes ``` 55f159eb497aebedd321e3da27aab2377298ae458da327aa9c6a86acbf8c66dbd6ce499ae31d4b1066fde8a151c7fdffb65bbf46eea898a15f232ab7e8664aa9 /etc/security/audit_warn 385577eb3b69379d55660fe9b277f4a29fb1eba0b27c39728e5acdddf64337c4244a92211ae4747c3efe2dc6ce9986b8efe3b9196bfcd7cc7dbb1df317c32a08 /private/etc/man.conf ```