Skip to content

Security: BackdoorAli/linux-less-persistence

Security

SECURITY.md

Security Policy

Author

BackdoorAli
GitHub: https://github.com/BackdoorAli

Scope & Supported Use

The Linux Less-Persistence project is a defensive security research project/toolkit. Its scope is limited to auditing, detection, and analysis of persistence-related signals on Linux systems.

Supported security-related feedback includes:

  • Logic errors or bugs in detection modules
  • False positives or false negatives in heuristics
  • Unsafe assumptions or edge cases
  • Performance or stability issues
  • Documentation inaccuracies that may cause misuse or confusion

This project does not support or accept:

  • Exploit code
  • Payloads or weaponised scripts
  • Step-by-step persistence deployment techniques
  • Instructions for bypassing security controls
  • Offensive tradecraft automation

Reporting a Vulnerability

If you believe you have found a security-relevant issue in this project, please report it privately.

Preferred method

Please do not disclose vulnerabilities publicly via:

  • GitHub Issues
  • Pull request comments
  • Discussions
  • Social media

until the issue has been reviewed and addressed.

What to Include in a Report

When reporting an issue, please include:

  • A clear description of the issue
  • Affected module(s) or file(s)
  • Expected vs actual behavior
  • Relevant logs or error output (if applicable)
  • Any steps required to reproduce the issue without including exploit code

Avoid including operational attack details.

Responsible Disclosure

This project follows a responsible disclosure philosophy.

By reporting an issue, you agree to:

  • Allow reasonable time for review and remediation
  • Avoid publishing exploit details or proof-of-concept attacks
  • Coordinate with the maintainer if public disclosure is appropriate

The goal is to improve defensive quality without enabling misuse.

Out-of-Scope Content

The following content will be rejected or removed if submitted:

  • Persistence installation guides
  • Exploitation workflows
  • Obfuscation or evasion techniques
  • Malicious payload examples
  • Content encouraging unauthorised access

Repeated violations may result in issue closure or blocking.

Ethical & Legal Use Reminder

You must only use this software on systems you own or are explicitly authorised to assess.

Users are responsible for complying with all applicable laws and regulations.

The maintainer does not endorse or condone malicious or unauthorised use of this software.

Final Note

Security research requires balance:

  • Transparency without enablement
  • Education without exploitation
  • Defense without harm

This policy exists to maintain that balance.

There aren’t any published security advisories