Explore Linux post-exploitation detection using Auditd in this 22-minute conference talk from BSidesLV 2015. Delve into the motivations behind Auditd, its background, and key components such as system calls and audit rules. Learn about example configurations, file watch roles, and reporting examples. Examine an attack scenario, including setup, execve results, false positives, and post-behavior solutions. Gain insights into effective Linux security monitoring and threat detection techniques.