Hacker News

They seem to define "persistence" variously, though I think they're talking about a rootkit in general (as opposed to checkpoint/restore). Emphasis on hypervisors, HDD and SSD firmware and, of course, the SMM.

Given that they talk about "Linux application persistence", I'd assume it's some kernel module rootkit. In which case, it's not that cool. The in-kernel ABI changes a lot and basic techniques like hooking the IDT vary.


