RE+DFIR101 - Malware Analysis Short Stories


  ____  _____ _____ ____  ______   ______  
 |  _ \| ____|_   _|___ \/ ___\ \ / / ___| 
 | |_) |  _|   | |   __) \___ \\ V /\___ \ 
 |  _ <| |___  | |  / __/ ___) || |  ___) |
 |_| \_\_____| |_| |_____|____/ |_| |____/ 
                                           
                                                     
DFIR101 - Exploit2Forensics		
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

VULNERABILITY ANALYSIS

Please assure you are not operating as root by opening a new shell:

1. Check to see who you are operating as with a "whoami".

2. Check who else is logged in with a "w".

3. Check the current kernel version with a "uname -a"

4. Check the OS version with a "cat /etc/issue"

5. Check if you can execute privileged commands without a password "sudo cat /etc/sudoers"

5. Look for potential victim binaries by searching for SUID set with root ownership "find ./ -perm 4000 -o -perm 2000

6. You can now research more accurately for known vulnerabilities in the OS/Kernel, what controls might be applicable, and have a binary that might be worth exploiting.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

HOME × GITHUB × YOUTUBE × LINKEDIN × BLOG