Getting an Attacker IP Address from a Malicious Linux At Job
July 25, 2019
https://www.linkedin.com/pulse/getting-attacker-ip-address-from-malicious-linux-job-craig-rowland/
| Notes |
|---|
| Linux |
| persistence |
| cron |
| at job |
| atd |
| at command |
| atq command |
| scheduled job |
| incident response |
| checking for at jobs and cron jobs during incident response is mandatory |
| at jobs tend to include the environment of the user who added them, including SSH_CLIENT and SSH_CONNECTION |
| SSH_CLIENT |
| SSH_CONNECTION |
| Sandfly |