- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
Linux Audit Logs (auditd) | Artifact of the Day
Attackers just ran a reverse shell — but you missed it.
Artifact of the Day | DFIR Media
• Linux audit logs capture every system call at the kernel level.
• Check /var/log/audit/audit.log for the full command line history.
• EXECVE records show the exact arguments passed to bash or netcat.
• Use ausearch to filter by time or aureport for quick summaries.
• But check /etc/audit/audit[.]rules — many systems have zero coverage.
• No audit rules means attackers operate in the dark.
AI-generated narration | DFIR Media
Видео Linux Audit Logs (auditd) | Artifact of the Day канала DFIR Lab
Artifact of the Day | DFIR Media
• Linux audit logs capture every system call at the kernel level.
• Check /var/log/audit/audit.log for the full command line history.
• EXECVE records show the exact arguments passed to bash or netcat.
• Use ausearch to filter by time or aureport for quick summaries.
• But check /etc/audit/audit[.]rules — many systems have zero coverage.
• No audit rules means attackers operate in the dark.
AI-generated narration | DFIR Media
Видео Linux Audit Logs (auditd) | Artifact of the Day канала DFIR Lab
Комментарии отсутствуют
Информация о видео
13 июня 2026 г. 7:42:41
00:00:44
Другие видео канала
AI Detection Rule Generation
AI Detection Rule Generation
.bash_history and Shell History | Artifact of the Day
Linux Crontab Entries | Artifact of the Day
AI Alert Triage
Ransomware Response Playbook | IR Playbook
T1070 — Indicator Removal | MITRE Spotlight
BITS Jobs (Background Intelligent Transfer Service) | Artifact of the Day
T1190 — Exploit Public-Facing Application | MITRE Spotlight
PCAP Files | Artifact of the Day
SRUM — System Resource Usage Monitor | Artifact of the Day
macOS Unified Logs | Artifact of the Day
Volume Shadow Copies (VSS) | Artifact of the Day
macOS KnowledgeC.db | Artifact of the Day
Cobalt Strike Beacon Detection Patterns | Detection Rule Friday
Shellbags | Artifact of the Day
PCAP Files | Artifact of the Day
Attack Surface Scan
Memory Forensics — Process Listing | Artifact of the Day
Service Installation from Unusual Directories | Detection Rule Friday
Google Safe Browsing Check
