Splunk and Auditd
requirements: change the auditd log_format from raw to enriched /etc/audit/auditd.conf Install the Splunk Add-on for Linux change the sourc...
Auditd Components auditctl Configure and manage audit rules. aureport Generate reports from audit logs. aushell Interactively process audit event data. auditd The daemon that collects aud...
Using tabs #open tab :tabnew ## switch tab :tabn ### next :tabp ### previous gt ## switch forward gT ## switch backwards #open file e: folder e: file navigation h (left) ...
create Report # clone lynis cd /usr/local git clone https://github.com/CISOfy/lynis cd lynis # Start Report ## unprivileged User ./lynis audit system ## privileged user sudo ./lynis audit syste...
Modes Sniffer Mode - Read IP packets and display them in the console application. Packet Logger Mode - Log all IP packets (inbound and outbound) that traverse the network. Log/drop the packets ...
Files # show all open Files lsof /var # suppress open files by kernel lsof -b # show the count of all open files lsof | wc -l # show open files per user lsof -u steh # show all open files unde...
Checklist for Analyzing Checks to Perform Packet statistics Service identification IP reputation check Questions to Answer Which IP addresses are in use? Has a suspicious IP address...
Dangers of Analysing Malware Samples WARNING: Handling a malware sample is dangerous. Always consider precautions while analysing it. Always assume that malware samples will infect your devic...
What is Memory Forensics Memory forensics is the analysis of the volatile memory that is in use when a computer is powered on. Computers use dedicated storage devices called Random Access Memory (...
What is Metasploit/Meterpreter? Metasploit is a powerful penetration testing tool for gaining initial access to systems, performing post-exploitation, and pivoting to other applications and system...