Sunday, July 24, 2016

Introduction to Linux System Administration

This series of articles, which explains various concepts and commands in Linux, is aimed at those new to Linux. We take a look at the basics of Linux to gain a better understanding of the power it has.
Linux is a major force in computing technology, powering everything from mobile phones and personal computers to supercomputers and servers. The job of a systems administrator is to manage the operations of a computer system. Because so many computing devices run Linux, it makes sense to learn it. By the end of this article, you should understand:
  • Linux file systems
  • File system hierarchy
  • Linux online manual page
  • Root/super user
  • Handling files and directories

Top 50 Linux System Administrator Interview Questions

1. What does nslookup do?
2. How do you display the process that is using the most CPU?
3. How do you check all open ports on a Linux machine and block the unused ones?
4. What is Linux? How is it different from UNIX?

Friday, July 22, 2016

Hiding Data from Forensic Imagers – Using the Service Area of a Hard Disk Drive

I. Summary

Kaspersky Labs® recently released their research regarding the compromise of hard disk drive firmware. This has confirmed our long-standing suspicion that data-hiding techniques using a hard disk drive's Service Area could be used for malicious purposes. Kaspersky Labs® identified a group of attackers, dubbed the Equation Group, reportedly having close ties to the groups responsible for

Tuesday, July 19, 2016

Look What We Found in Mr Robot S02E01

At the end of S02E01 of Mr Robot, there is a scene where Darlene generates ransomware with a modified SET toolkit. My fingers were itching for the IP address 192.251.68.254, which seems to be the C2 address for this malware. Not surprisingly, WHOIS resolved it to NBC-UNIVERSAL. Let's see how deep this rabbit hole is.

Linux commands “astu” and “astsu” in Mr. Robot

ASTU is a fictional command used in the Mr. Robot TV series. Elliot uses it to restore the hacked server. The commands he types while fixing the server are listed below.

At the 30:20 mark in the episode:

eterm##$ locate server WBKUW300PS345672
eterm##$ ps aux | grep root
eterm##$ ps aux | grep root | cpuset
eterm##$ astu trace -pid 344 -cmd
eterm##$ astu -ls ./root/fsociety/ -a
eterm##$ fsociety00.dat

The commands above are the ones Elliot uses to restore the server. Of these, only ps and locate are real Unix commands. ps lists the running processes. According to the series, a rootkit was running on the server; Elliot uses ps to list the processes running under the root user and finds that fsociety00.dat is the process causing the server downtime. Note that `ps aux | grep root` matches every line containing the string "root" (including the grep process itself and any command line that happens to contain the word), not only processes owned by root.
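The following is an added example, not code from the original post or the show: it runs the root-process hunt from the scene over a constructed `ps aux` sample and contrasts the naive `grep root` filter with one that tests the USER column, then picks the root process with the highest %CPU. The sample process list, the PID 344 and the file name fsociety00.dat are borrowed from the fictional scene and are not output captured from a real host.

```sh
#!/bin/sh
# Added example (not from the original post): filter "ps aux" output for
# processes that actually run as root, instead of "ps aux | grep root",
# which also matches the grep itself and any command line containing "root".

# Constructed sample of "ps aux" output (fictional, modelled on the episode).
SAMPLE_PS='USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1 168912 11876 ?        Ss   10:01   0:01 /sbin/init
root       344 97.3  0.8 512340 68120 ?        R    10:05  12:33 /root/fsociety/fsociety00.dat
elliot    1201  0.2  0.3 234560 25000 pts/0    Ss   10:10   0:00 -bash
elliot    1337  0.0  0.0  12345  1000 pts/0    S+   10:12   0:00 tail -f /var/log/rootless.log
elliot    1400  0.0  0.0   9000   700 pts/0    R+   10:13   0:00 grep root
www-data  2100  1.5  0.4 345678 30000 ?        S    10:02   0:05 nginx: worker process'

# Naive filter as typed in the show: every line containing the string "root".
# Here it also returns the "tail ... rootless.log" and "grep root" lines.
grep_root() {
    printf '%s\n' "$SAMPLE_PS" | grep root
}

# Correct filter: only rows whose USER column (field 1) is exactly "root",
# with the header row dropped.
ps_root() {
    printf '%s\n' "$SAMPLE_PS" | awk 'NR > 1 && $1 == "root"'
}

# PID of the root-owned process with the highest %CPU (field 3); this is the
# "top process" check from the interview question list, restricted to root.
top_root_pid() {
    ps_root | sort -k3,3nr | awk 'NR == 1 { print $2 }'
}

# Stand-alone usage: show the difference and the suspect PID.
echo "grep root matched $(grep_root | wc -l | tr -d ' ') lines"
echo "root-owned processes: $(ps_root | wc -l | tr -d ' ')"
echo "busiest root PID: $(top_root_pid)"
```

On a live system replace the embedded sample with `ps aux` (or use `ps -U root -u root -o pid,pcpu,cmd --sort=-pcpu`, which asks ps to do the filtering itself); the point is that the user column, not a substring match, is what identifies a root-owned process.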

The locate command searches for files by name, but it does not walk the filesystem: it queries a prebuilt database (/var/lib/mlocate/mlocate.db on systems using mlocate) that updatedb refreshes periodically, typically once a day from cron. Files created, moved or deleted since the last updatedb run are therefore missing from (or stale in) its results, so when investigating a freshly compromised machine, use find for an up-to-date view of the filesystem.