<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Authorized-Keys-Persistence on Joshua's Notebook</title><link>https://burnett.sh/tags/authorized-keys-persistence/</link><description>Recent content in Authorized-Keys-Persistence on Joshua's Notebook</description><generator>Hugo</generator><language>en</language><lastBuildDate>Wed, 08 Jul 2026 09:00:00 -0500</lastBuildDate><atom:link href="https://burnett.sh/tags/authorized-keys-persistence/index.xml" rel="self" type="application/rss+xml"/><item><title>Attack Observation: RedTail Cryptominer Delivered over SSH</title><link>https://burnett.sh/posts/attack-observation-07-08-2026/</link><pubDate>Wed, 08 Jul 2026 09:00:00 -0500</pubDate><guid>https://burnett.sh/posts/attack-observation-07-08-2026/</guid><description>Incident writeup of a RedTail cryptominer campaign against a DShield honeypot: default-credential SSH access, two-stage loader, SFTP payload delivery, MITRE ATT&amp;amp;CK mapping, and threat intel on the source infrastructure.</description></item></channel></rss>