
exploit evidence from encase

5 Posts
4 Users
0 Likes
860 Views
(@afsfr)
Posts: 37
Eminent Member
Topic starter
 

We collected a Linux image in EnCase. We suspect one of the Linux applications was exploited and that the attacker got root shell access through the exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.

 
Posted : 12/12/2019 9:35 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

We collected a Linux image in EnCase. We suspect one of the Linux applications was exploited and that the attacker got root shell access through the exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.

What's the Linux version?

What is the application?

 
Posted : 12/12/2019 11:55 am
(@rich2005)
Posts: 535
Honorable Member
 

We collected a Linux image in EnCase. We suspect one of the Linux applications was exploited and that the attacker got root shell access through the exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.

What's the Linux version?

What is the application?

I could be wrong, but I think (due to the language barrier) he's saying they don't know the method of entry and basically wants to know how to do an intrusion investigation in EnCase (i.e. not one specific app).

 
Posted : 12/12/2019 12:37 pm
Bunnysniper
(@bunnysniper)
Posts: 257
Reputable Member
 

I could be wrong but I think (due to language barrier) he's saying they don't know…

Please have a look at his other questions. We are facing a person who does not even have beginner knowledge in digital forensics and is too lazy to read about the basics. "Don't feed the troll" - my 2 cents.

regards, Robin

 
Posted : 12/12/2019 12:47 pm
(@afsfr)
Posts: 37
Eminent Member
Topic starter
 

We collected a Linux image in EnCase. We suspect one of the Linux applications was exploited and that the attacker got root shell access through the exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.

What's the Linux version?

What is the application?

I could be wrong, but I think (due to the language barrier) he's saying they don't know the method of entry and basically wants to know how to do an intrusion investigation in EnCase (i.e. not one specific app).

I have a vulnerable application, and the Linux kernel is also out of date. I need to provide evidence for the initial shell access. I'm not sure which exploit the hacker used to get shell access (which script did the hacker use? a buffer overflow or an LSASS exploit? OS level or application level?). The compromise didn't cause any application malfunction, but the hacker gained shell access to our LONDON data center Linux machine and further escalated to root. So the first-step intrusion evidence (remote shell access) is what I need to collect. You are right.

 
Posted : 13/12/2019 7:52 am
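The thread asks where to start when the entry method is unknown and the only facts are "someone got a shell" and "they became root". One place an examiner looks first is the authentication log exported from the image (/var/log/auth.log on Debian-family systems, /var/log/secure on the Red Hat family). The script below is an added example, not code from the thread or from EnCase: it parses a constructed auth.log sample into a timeline of remote logins and root escalations, then flags escalations that are not explained by a preceding interactive login of the same account, which is the pattern left behind when a service account (such as a web server's user) suddenly obtains root. The sample log lines, host name, user names and IP addresses are all constructed; the year is an assumed parameter because syslog timestamps carry none.

```python
import re
from datetime import datetime

# Constructed sample of /var/log/auth.log lines for this example (not real data).
# Story: "deploy" logs in over SSH and uses sudo; "www-data" (a service account
# that never logs in interactively) becomes root via su, and a third host fails.
SAMPLE_AUTH_LOG = """\
Dec 10 02:11:07 web01 sshd[2214]: Accepted password for deploy from 198.51.100.23 port 51044 ssh2
Dec 10 02:11:07 web01 sshd[2214]: pam_unix(sshd:session): session opened for user deploy by (uid=0)
Dec 10 02:14:52 web01 sudo:   deploy : TTY=pts/1 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash
Dec 10 02:14:52 web01 sudo: pam_unix(sudo:session): session opened for user root by deploy(uid=1001)
Dec 10 02:20:15 web01 su[2301]: Successful su for root by www-data
Dec 10 02:20:15 web01 su[2301]: + /dev/pts/2 www-data:root
Dec 10 03:05:40 web01 sshd[2412]: Failed password for invalid user admin from 203.0.113.9 port 40211 ssh2
"""

# Classic syslog prefix: "Mon DD HH:MM:SS host message" (no year in the timestamp).
SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)
# Successful interactive SSH login (OpenSSH wording).
SSH_ACCEPT_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)
# sudo command line: "sudo:   user : TTY=... ; PWD=... ; USER=target ; COMMAND=..."
SUDO_RE = re.compile(r"sudo:\s+(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$")
# su success line: "su[pid]: Successful su for target by user"
SU_RE = re.compile(r"su\[\d+\]: Successful su for (?P<target>\S+) by (?P<user>\S+)")

# Accounts that should never appear as the actor of an escalation to root.
# Constructed list for the example; tune it to the image being examined.
SERVICE_ACCOUNTS = frozenset({"www-data", "apache", "nginx", "tomcat", "postgres", "mysql"})


def parse_line(line, year):
    """Turn one auth.log line into an event dict, or None if it is not of interest."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    msg = m["msg"]
    s = SSH_ACCEPT_RE.search(msg)
    if s:
        return {"ts": ts, "kind": "remote_login", "user": s["user"],
                "detail": f"ssh {s['method']} from {s['src']}:{s['port']}"}
    s = SUDO_RE.search(msg)
    if s:
        return {"ts": ts, "kind": "escalation", "user": s["user"], "target": s["target"],
                "detail": f"sudo {s['cmd']}"}
    s = SU_RE.search(msg)
    if s:
        return {"ts": ts, "kind": "escalation", "user": s["user"], "target": s["target"],
                "detail": "su"}
    return None


def build_timeline(text, year):
    """Parse a whole auth.log export into a time-ordered list of login/escalation events."""
    events = [e for e in (parse_line(ln, year) for ln in text.splitlines()) if e]
    return sorted(events, key=lambda e: e["ts"])


def unexplained_escalations(events, service_accounts=SERVICE_ACCOUNTS):
    """Escalations to root whose actor is a service account or never logged in first.

    A human admin normally shows up as remote_login -> sudo/su.  A root escalation
    performed by an account with no earlier interactive login is the footprint of a
    shell obtained some other way (e.g. through an exploited daemon) and is what an
    examiner would pull out of the timeline first.
    """
    seen_logins = set()
    flagged = []
    for e in events:
        if e["kind"] == "remote_login":
            seen_logins.add(e["user"])
        elif e["kind"] == "escalation" and e["target"] == "root":
            if e["user"] in service_accounts or e["user"] not in seen_logins:
                flagged.append(e)
    return flagged


if __name__ == "__main__":
    timeline = build_timeline(SAMPLE_AUTH_LOG, year=2019)
    for e in timeline:
        print(f"{e['ts']:%Y-%m-%d %H:%M:%S}  {e['kind']:<12} {e['user']:<10} {e['detail']}")
    for e in unexplained_escalations(timeline):
        print(f"FLAG: {e['user']} became {e['target']} at {e['ts']} with no prior login")
```

Run it against the auth.log (and any rotated auth.log.1, auth.log.2.gz) exported from the EnCase image; a hit like the www-data one in the sample gives a time window to pivot into wtmp/btmp, the web server's access log, shell history files and file modification times around that moment. The usual caveat applies: an attacker with root can edit or truncate these logs, so an empty result is not proof of absence, and gaps or out-of-order timestamps in the log are themselves worth noting.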