The “P” in PAM is for Persistence: Linux Persistence Technique
ID: 63823308-6907-5bdb-86c3-f823dccbb084
STIX ID: report--63823308-6907-5bdb-86c3-f823dccbb084
Feed Name: Black Hills Infosec Blog
This report demonstrates a proof-of-concept Linux persistence technique that uses a malicious Pluggable Authentication Modules (PAM) replacement called 'PAM Skeleton Key', which creates a universal login password and exfiltrates cleartext credentials to a webhook. It includes installation, use, and reversal steps, and notes that root access is required to install the backdoor.
