When doing an analysis on any systems, it's important to ensure that actions do not negatively affect the system in review. While this is a noble goal, it's not always a realistic goal. To deconflict who/how in the aftermath, we recommend using the script command.

System Check

To check for unix system vulnerabilities, we recommend using the tools listed below:

• lynis
• unix-privesc-check
• Using SysInternals Tools Like a Pro

Both of these are formidable tool sets and both of are freely available.

Jurassic Tools

• Greps and find: greps
• Netcat: netcat
• Memory dumps: memory
• Data collection: collect
• Analysis of collected data: analyze

Resources

• de Mendonça, João Collier HOW TO ROCK WITH DNS: Patterns for Detection and Faster Spotting of Malicious Activities

• Roberts, Keelyn. Finding Evil in DNS Traffic

• Roberts, Scott. Awesome IOCs

• Taylor, Austin. Detect Beaconing with Flare, Elastic Stack, and Intrusion Detection Systems

• Ueltschi, Tom. Advanced Incident Detection and Threat Hunting using Sysmon and Splunk