• @nevemsenki
    11 months ago

    Downsides include: if any intrusion happens on the server, red team just needs to reboot it to wipe evidence.

    • Perhyte
      11 months ago

      If they have the root access typically needed to reboot a server[1], they could also just wipe the logs without rebooting.

      [1]: GUIs typically have a way to reboot without such privileges, but those are typically not installed on machines just used as servers.