Linux File System Analysis - TryHackMe Walkthrough

Detailed analysis of indepth linux investigation. After a linux web hosting server is found compromised. The room is the ultimate help/ guide for forensics analyst to identify the root cause of compromise and dissect it with the help of inbuild linux tools. This approach will the linux incident responders with the adequate outlook of how to approach and solve cyber attacks that target linux servers/ systems. Chapters. 0:00 - Room Introduction 1:26 - Linpeas - For Linux Enumeration 4:46 - Environmental Path Variables 5:46 - FIND Command 7:05 - Exiftool - File Metadata Analysis 9:26 - Find Command Catharsis 11:38 - STAT Command 12:45 - Backdoor Account - /etc/passwd 13:19 - Group ID Investigation - /etc/group 14:22 - Sudoers Investigation - /etc/sudoers 15:27 - .bash_history Investigation 16:16 - Hidden File Investigation 16:52 - SSH Keys Investigation 18:01 - DEBSUMS Utility 19:13 - MD5SUM Utility 22:01 - Chkrootkit Tool - Rootkit Scan 24:53 - rkhunter Tool - Indepth Rootkit Scan References. Tryhackme Room - https://tryhackme.com/r/room/linuxfilesystemanalysis linpeas.sh (Linux Enumeration Script)