[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Linux - Indicators of compromise

To: Ali Varshovi <ali.varshovi@xxxxxxxxxxx>
Subject: Re: [Full-disclosure] Linux - Indicators of compromise
From: Григорий Братислава <musntlive@xxxxxxxxx>
Date: Mon, 16 Jul 2012 13:59:26 -0400

On Sat, Jul 14, 2012 at 8:46 AM, Ali Varshovi <ali.varshovi@xxxxxxxxxxx> wrote:
> Greetings FD,
>
> Does anyone have any guidelines/useful material on analysis logs of a Linux 
> machine to detect signs of compromise? The data collection piece is not a 
> challenge as a lot of useful information can be captured using commands and 
> some scripts. I'm wondering if there is any systematic approach to analyze 
> the collected logs? Most of the materials I've seen are more aligned to 
> malware and rootkit detection which is not the only concern apparently.
>
> Thanks,
> Ali

Is in my experience is that I place two folders in directory in is
root folder called /root/MilaKunisLeakedPhotos/ and
/root/OlgaKurlyenko/ is when I see is accessed. Then I know is my
machine compromised. Everyone is want see Olga and Mila

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Linux - Indicators of compromise
  - From: coderman

References:
- [Full-disclosure] Linux - Indicators of compromise
  - From: Ali Varshovi

Prev by Date: Re: [Full-disclosure] XSS vulnerabilty on eenmiljardseconden.frankdeboosere.be
Next by Date: [Full-disclosure] DC4420 - London DEFCON - July meet - Tuesday July 17th 2012
Previous by thread: Re: [Full-disclosure] Linux - Indicators of compromise
Next by thread: Re: [Full-disclosure] Linux - Indicators of compromise
Index(es):
- Date
- Thread