start:auditformalware [2022/11/10 19:52] peter
start:auditformalware [2022/11/10 19:59] peter
Line 21: Line 21:
 Dont forget to check open ports which is documented here: [[Start:Firewall|Install A Simple Software Firewall]] Dont forget to check open ports which is documented here: [[Start:Firewall|Install A Simple Software Firewall]]
  
 +You can also lookup how to use yara, and there are signatures here (https://github.com/Yara-Rules/rules) but personally I have not had to use yara and cant comment much on it. You can research it as a tool, I believe its widly used especially in the kali community.
  
 +And last thing to note, as always, if anything malicious is ever found, then its best to totally wipe and start again with a new system rather than fix or attempt to fix a rooted box. Hopefully some of these overviews help you out as a basic starting place :)
  
 +- P
  
  
 +Further reading once the basics are no longer helpful:
 +
 +https://www.sans.org/posters/intrusion-discovery-cheat-sheet-for-linux/
 +
 +https://fahmifj.github.io/blog/linux-forensics-command-cheat-sheet/
 +
 +https://www.sandflysecurity.com/blog/compromised-linux-cheat-sheet/
 +
 +https://s3.amazonaws.com/acmelabs-galleries/48/0000/2352/forensic_cheatsheet.pdf
 +
 +https://cdn.ttgtmedia.com/rms/security/Malware%20Forensics%20Field%20Guide%20for%20Linux%20Systems_Ch3.pdf
 +
 +https://www.jaiminton.com/cheatsheet/DFIR/#linux-cheat-sheet
 +
 +https://github.com/trimstray/the-book-of-secret-knowledge#black_small_square-auditing-tools
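Review bot: the "wipe and start again" advice in the paragraph beginning `+And last thing to note` should add a step to preserve evidence first (a disk image, memory capture and copies of the logs), because the forensics cheat sheets listed under "Further reading" can only be applied to a system that still exists; suggest wording such as "capture what you need for analysis, then wipe and rebuild". The `+You can also lookup how to use yara` paragraph undercuts its own recommendation: it points readers at a third-party signature repository while saying the author cannot comment on the tool, so either drop the link or note that rules pulled from a public repository should be reviewed for false positives before being trusted on a production host; the claim that it is used "especially in the kali community" is also unsupported and could be removed. Typos in the added lines: "widly" should be "widely", "cant" should be "can't", and "its" should be "it's" in "I believe its widly used", "its best to totally wipe" and "rather than fix". Finally, the bare URLs in the "Further reading" list would be easier to evaluate with a short title after each one, in the same `[[link|title]]` style the page already uses for the firewall link.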
start/auditformalware.txt · Last modified: 2023/09/14 20:48 by peter