[Reserved] emergency response and investigation traceability

Others 2020-03-25 10:17:34 views: null

Source: https://sec.ctrip.com/doc/ corporate emergency response and investigation traceable way .pdf

Troubleshooting steps:
Check the process and file

//快速查看进程信息，获取进程文件位置
    top -c
//杀死进程          
    kill -q PID   
//根据文件名特征查找
    grep -rni "shellname"*
//根据文件大小特征查找
    find / -size 1223123c
//根据文件创建时间查找
    find / -mtime 1 -name *
//查看进程占用信息
    lsof -p PID
//读取进程在内存中的信息
    cd /proc/PID
    cat *|strings -n 5|more

Detection Network

//查看port端口
    lsof -i:"port"
//查看不正常端口
    netstat -nap
//查看Tcp连接
    netstat -an |grep tcp|awk '{print \$5}'
//查看syn连接
    netstat -an|grep SYN|awk '{print \$5}'|awl -F:'{print \$1}'|sort|uniq -c|sort -nr|more

Check the system command

ls -alt /bin/|head -n 10
ls -alt /usr/sbin/|head -n 10
ls -alt /usr/bin/|head -n 10

Guess you like

Origin www.cnblogs.com/rookieDanny/p/12564093.html

[Reserved] emergency response and investigation traceability

Emergency response / safety traceability

[Yugong Series] Advanced Network Security Class 032 in May 2023. Emergency Response Traceability Analysis (Liunx Intrusion Investigation)

[Windows] Emergency Response ideas invasion investigation

Emergency Response and Disposal Process-System Investigation

Network Security----Emergency Response Intrusion Investigation

Spark Salon | emergency response *** log analysis traceability portrait

[Yugong Series] Advanced Network Security Class 033 in May 2023. Emergency Response Traceability Analysis (Liunx Log Analysis)

[Yugong Series] Advanced Network Security Class 030 in May 2023. Analysis of Emergency Response Traceability (Webshell Killing Tool)

Patent investigation on traceability of cyber attacks in China

Security Emergency Response Guide

linux security emergency response

Windows Security Emergency Response (a)

Linux emergency response notes

Emergency response learning

Emergency response methods and capabilities

Emergency response process

Organize the emergency response process

Ransomware Emergency Response Guide

Linux Emergency Response Troubleshooting

Windows Emergency Response Troubleshooting

The whole process of emergency response

Safety emergency response case

windows emergency response

Linux security----Common commands for emergency traceability

[Foolish Old Man Series] 2023-05 Cyber Security Advanced Class 031. Emergency Response Traceability Analysis (Red Team Penetration Testing Arsenal)

[Foolish Old Man Series] 2023-05 Network Security Advanced Class 029. Emergency Response Traceability Analysis (Windows System Security Configuration and Hardening)

Windows common emergency response command

linux common commands emergency response

Emergency Response -PDCERF model (rpm)

Recommended

TIOBE May list: Fortran “resurrected” into Top 10

GCC 14.1 released

Ranking

B. Little Girl and Game【1300 / 回文字符串博弈论】

CIKERS Shane 20190613

"Javascript advanced programming" study notes - the constructor and prototype

beeline hiveserver2 start

springboot - Automatically backup mysql data every day

Data Storage Full Solution--Detailed Persistence Technology

Detailed Explanation of Spring Web MVC DispatcherServlet—Official Original

TCP / IP protocol layers structure and function

Command type literal pos: unknown； Fallback type literal pos: unknown] with root cause

Design of multifunctional curtain controller with indoor anti-theft alarm

Daily

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)

2024-05-02(0)

2024-05-01(4)

2024-04-30(36)

2024-04-29(5)