darkQuasar
@darkQuassar
I believe in community, human connection, concepts and puzzles. DFIR, CyberSec and bla, bla, bla... I own my opinions here, sometimes they own me.
Jan 15, 2020 • 10 tweets • 2 min read
CVE-2019-19781
Live Response First Steps
=========================
Some tips on how to go about running a micro-compromise assessment on Netscaler boxes, this is what I've been using:
>>> Check the root user command history: history
/1
>>> Check bash log files and sort by frequency, less frequent commands at the top: cat /var/log/bash.log | grep -Eio "shell_command=.*$" | sort | uniq -c | sort -n && zcat /var/log/bash*.gz | grep -Eio "shell_command=.*$" | sort | uniq -c | sort -n
/2
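An added example, not part of the original thread: the same least-frequent-first ranking, but with the current and rotated logs merged into one count, so a command that appears once in each file is not listed as a singleton twice. The function names `rare_commands` and `make_sample` are hypothetical, and the sample log lines are constructed for illustration; only the `shell_command=` marker is taken from the thread.

```shell
#!/bin/sh
# Added example: rank shell_command= entries across plain and gzip-rotated
# bash logs in a single frequency table (rarest first).

rare_commands() {
    # Arguments: any mix of plain and .gz log files.
    for f in "$@"; do
        [ -r "$f" ] || continue          # skip unmatched globs / unreadable files
        case "$f" in
            *.gz) gzip -dc -- "$f" ;;    # rotated, compressed log
            *)    cat -- "$f" ;;         # current log
        esac
    done |
        grep -Eio 'shell_command=.*$' |  # same extraction as in the thread
        sort | uniq -c | sort -n         # one merged count, rarest at the top
}

make_sample() {
    # Writes constructed sample logs into directory $1 (not real NetScaler data).
    printf '%s\n' \
        'Jan 15 10:00:01 ns bash[1001]: root on /dev/pts/0 shell_command="ls"' \
        'Jan 15 10:00:05 ns bash[1001]: root on /dev/pts/0 shell_command="whoami"' \
        'Jan 15 10:01:12 ns bash[1001]: root on /dev/pts/0 shell_command="ls"' \
        'Jan 15 10:02:40 ns bash[1002]: root on /dev/pts/1 shell_command="uname -a"' \
        > "$1/bash.log"
    printf '%s\n' \
        'Jan 14 09:10:00 ns bash[900]: root on /dev/pts/0 shell_command="ls"' \
        'Jan 14 09:11:30 ns bash[900]: root on /dev/pts/0 shell_command="whoami"' \
        | gzip -c > "$1/bash.log.0.gz"
}

# Usage on a live box (paths as given in the thread):
#   rare_commands /var/log/bash.log /var/log/bash*.gz
```

Entries at the top of the output are the ones to review first; the raw log lines around them give the user, terminal and timestamp.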