What's the best way to handle a possible security breach

You are currently reading a thread in /g/ - Technology

Thread replies: 7
Thread images: 1
What's the best way to handle a possible security breach through the means of a Meterpreter shell? I did some scanning on my network with Wireshark and discovered unusual interaction between 2 Windows devices on my network and a couple of IP addresses. One of the IP addresses is associated with Shodan, another with SoftLayer VPS services. I took all devices off the internet and I plan on backing up needed data before wiping both drives. Both IP addresses have been reported on AbuseIPDB for SQL injections, Meterpreter shells, DDoSing, SSH/FTP brute forcing, and more. Besides wiping the drives, what's a good way to find the shell and kill it?
>>
install gentoo
>>
>>54457228
You are the reason God hates us.
>>
>>54457212
You are aware 95% of this board doesn't have a clue about technology?
>>
>>54457212
did you check top
>>
Process Explorer, but good shells may unlink their process in the kernel EPROCESS list. You should be ready to kernel debug and RAM dump/search using Volatility. Normally you'd have system visibility tools, but you're not Enterprise enough. Full forensic response is probably overkill. If you know how to find and track handles for network connections, then you'll be able to find the Meterpreter shell, or memgrep RAM for the Meterpreter DLL, then dig around for the associated process.
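Added example, not part of the thread and not any poster's code: a small Python triage helper that follows the two leads in the reply above. It maps the flagged IP addresses to a PID by parsing `netstat -ano` output (so Process Explorer can be pointed at that process and its parent, handles and loaded DLLs), and it does a simple "memgrep" over a raw memory dump for byte strings that are commonly present in an in-memory Meterpreter payload. The netstat text, the flagged IPs and the dump bytes below are constructed sample data; the indicator strings are assumed well-known names and a hit is a lead to investigate, not proof on its own.

```python
"""Triage helper: flagged-IP -> PID mapping plus a memory-dump string scan.

Added example for the thread above; all sample data is constructed.
"""
from typing import Dict, List, Set, Tuple

# Assumed indicator strings: "metsrv" is the name of the Meterpreter core
# server DLL and "ReflectiveLoader" is the export used to map it into memory
# without writing it to disk. Treat any hit as a lead, not as a verdict.
INDICATORS: List[bytes] = [b"metsrv", b"ReflectiveLoader", b"ext_server_stdapi"]

# Constructed sample of `netstat -ano` output on Windows (header + 4 rows).
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49152     203.0.113.5:4444       ESTABLISHED     4212
  TCP    192.168.1.10:49153     192.168.1.1:53         TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1832
"""

# Constructed: addresses the investigator has already decided are hostile
# (in the thread these came from Wireshark + AbuseIPDB).
FLAGGED_IPS: Set[str] = {"203.0.113.5", "198.51.100.7"}

# Constructed stand-in for a raw RAM dump: padding, a benign DLL name, then
# two of the indicator strings at known offsets (109 and 142).
SAMPLE_DUMP = (
    b"\x00" * 64 + b"kernel32.dll\x00" + b"\x00" * 32
    + b"ReflectiveLoader\x00" + b"\x00" * 16 + b"metsrv.dll\x00" + b"\x00" * 64
)


def parse_netstat(text: str) -> List[Tuple[str, str, str, int]]:
    """Return (proto, foreign_ip, state, pid) for each connection row.

    Splits on whitespace rather than a regex so IPv6 literals such as
    "[::]:445" and the UDP rows (which carry no State column) both parse.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank, or unexpected line
        proto = parts[0]
        foreign_ip = parts[2].rsplit(":", 1)[0]  # strip the port only
        state = parts[3] if len(parts) == 5 else ""  # UDP has no state
        pid = int(parts[-1])
        rows.append((proto, foreign_ip, state, pid))
    return rows


def suspicious_pids(netstat_text: str, flagged: Set[str]) -> Dict[int, List[str]]:
    """Map each PID that talks to a flagged IP to the matching connections."""
    hits: Dict[int, List[str]] = {}
    for proto, ip, state, pid in parse_netstat(netstat_text):
        if ip in flagged:
            hits.setdefault(pid, []).append(f"{proto} {ip} {state}".strip())
    return hits


def scan_dump(data: bytes, indicators: List[bytes] = INDICATORS) -> Dict[bytes, List[int]]:
    """Return every offset at which each indicator string occurs in the dump."""
    found: Dict[bytes, List[int]] = {}
    for ind in indicators:
        start = 0
        while (idx := data.find(ind, start)) >= 0:
            found.setdefault(ind, []).append(idx)
            start = idx + 1  # keep going; overlapping hits are fine here
    return found


if __name__ == "__main__":
    for pid, conns in suspicious_pids(SAMPLE_NETSTAT, FLAGGED_IPS).items():
        print(f"PID {pid} -> {', '.join(conns)}  (inspect in Process Explorer)")
    for ind, offsets in scan_dump(SAMPLE_DUMP).items():
        print(f"{ind.decode()} at offsets {offsets}  (follow up in Volatility)")
```

On a real system, capture `netstat -ano` and a full memory image before powering anything off, since both the connection table and an in-memory-only DLL vanish on shutdown; a PID that hits here is the process to open in Process Explorer (check its parent, command line and loaded DLLs), and an offset that hits in the dump is where to start with Volatility rather than a finding in itself.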
>>
fuck you faggot kill yourself