What's the best way to handle a possible security breach

You are currently reading a thread in /g/ - Technology

Thread replies: 7
Thread images: 1
What's the best way to handle a possible security breach through the means of a Meterpreter shell? I did some scanning on my network with Wireshark and discovered unusual interaction between 2 Windows devices on my network and a couple of IP addresses. One of the IP addresses is associated with Shodan, another with SoftLayer VPS services. I took all devices off of the internet and I plan on backing up needed data before wiping both drives. Both IP addresses have been reported on AbuseIPDB for SQL injections, Meterpreter shells, DDoSing, SSH/FTP brute forcing, and more. Besides wiping the drives, what's a good way to find the shell and kill it?
>>
install gentoo
>>
>>54457228
You are the reason God hates us.
>>
>>54457212
You are aware 95% of this board doesn't have a clue about technology?
>>
>>54457212
Did you check top?
>>
Process explorer, but good shells may unlink their process in the kernel eprocess list. You should be ready to kernel debug and RAM dump/search using volatility. Normally you'd have system visibility tools but you're not Enterprise enough. Full forensic response is probably overkill. If you know how to find and track handles for network connections then you'll be able to find the meterpreter shell or memgrep RAM for the meterpreter DLL then dig around for the associated process.
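A concrete starting point for the "find and track handles for network connections" advice in the reply above, and for the original question of locating the process behind the traffic Wireshark showed: the script below is an added example, not code from anyone in this thread. It parses the text output of `netstat -ano` on Windows (the sample here is constructed, not captured from a real host), maps every non-listening connection to its owning PID, and flags connections whose remote address is on an operator-supplied watchlist or whose remote port is 4444, Metasploit's default reverse-handler port. The watchlist addresses are RFC 5737 documentation ranges standing in for the two IPs the poster saw; substitute your own.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (Windows). Not from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     203.0.113.5:4444       ESTABLISHED     4120
  TCP    192.168.1.10:49720     198.51.100.23:443      ESTABLISHED     2216
  TCP    192.168.1.10:49733     192.168.1.1:445        ESTABLISHED     4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  UDP    0.0.0.0:5353           *:*                                    1488
"""

# Assumed watchlist: documentation ranges used as placeholders for the
# addresses the operator already flagged from the packet capture / AbuseIPDB.
WATCHLIST = (
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
)

# Metasploit's default handler port. A hint for triage, never proof on its own.
SUSPECT_PORTS = {4444}

# Proto, local, foreign, optional state (UDP rows have none), PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def split_endpoint(endpoint):
    """Split 'host:port' (IPv4, bracketed IPv6 or '*:*') into (host, port|None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return one dict per connection row of `netstat -ano` output."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner, blank and header lines
        proto, local, foreign, state, pid = m.groups()
        lhost, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        conns.append({
            "proto": proto, "lhost": lhost, "lport": lport,
            "fhost": fhost, "fport": fport, "state": state, "pid": int(pid),
        })
    return conns


def flag_connections(conns):
    """Group suspicious remote endpoints by owning PID, with the reason for each."""
    by_pid = defaultdict(list)
    for c in conns:
        if c["state"] == "LISTENING":
            continue  # no remote peer yet
        try:
            remote = ipaddress.ip_address(c["fhost"])
        except ValueError:
            continue  # '*' or other non-address placeholder
        reasons = []
        if any(remote in net for net in WATCHLIST):
            reasons.append("remote on watchlist")
        if c["fport"] in SUSPECT_PORTS:
            reasons.append("default Metasploit handler port")
        if reasons:
            by_pid[c["pid"]].append((f"{remote}:{c['fport']}", reasons))
    return dict(by_pid)


if __name__ == "__main__":
    # On a real host: netstat -ano > conns.txt (elevated prompt), then feed that file.
    for pid, hits in flag_connections(parse_netstat(SAMPLE_NETSTAT)).items():
        for endpoint, reasons in hits:
            print(f"PID {pid:<6} -> {endpoint:<22} {', '.join(reasons)}")
        print(f"    follow up: tasklist /FI \"PID eq {pid}\"  (then inspect in Process Explorer)")
```

Treat the output as a lead, not a verdict: a PID is the starting point for looking at the image path, parent, loaded DLLs and handles in Process Explorer. As the reply notes, an implant that unlinks its process from the kernel's EPROCESS list will not appear in `netstat` at all, so an empty result clears nothing; that is where the memory dump and Volatility come in.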
>>
fuck you faggot kill yourself