I suspect that one or more of my servers is compromised by a hacker, virus, or other mechanism:
What are my first steps? When I arrive on site should I disconnect the server, preserve "evidence", are there other initial considerations?
How do I go…
I've been messing around with the Empire PowerShell post-exploitation toolkit for a little while now. I've been "infecting" my home PC with a malicious payload and trying to gain persistence/admin access, etc. I have a small Debian cloud server…
What steps can I take to detect if a brand new computer has been compromised?
Would it take an actor with significant resources to compromise a system and still have it appear to start the standard Windows set up wizard? Partly I ask this because I…
Last night I was checking my router because I noticed some sluggishness with my connection. I opened a connections monitor and saw my computer was sending significant UDP traffic to an IP address on high port numbers. This wasn't immediately…
I still have my passport in hand, but my purse was stolen with all my passport information and passwords with security questions and answers in it. Should I get a new passport, or since I still have my passport, am I safe?
For Windows-based systems, I have seen that changes to the Registry or System Directories are some of the things which are used to track if a machine has been compromised. Similar things must exist for other platforms, and I must admit that I am…
I have a CentOS 6.8 system that happens to be running Tripwire (the Open Source version). The system is on an internal network behind a firewall that is not forwarding any incoming connections. I.e. the CentOS system can access the Internet but has…
Are there any fundamental vulnerability peculiarities unique to real-time systems? Are they impervious to some vulnerabilities, due to their speed?
Here, real-time system refers to typical usage where the time constraints are very short, and…