Day 18 - "A Gift That Keeps on Giving"
The learning objectives for day 18 were:
- Identify the CPU and memory usage of processes in Linux.
- Kill unwanted processes in Linux.
- Find ways a process can persist beyond termination.
- Remove persistent processes permanently.
We were provided with a machine that had a malicious process running; our task was to identify and kill this process.
We used the top command to check the system processes and noticed there was one process using 100% of the CPU. We killed the malicious process, but it somehow managed to respawn on a different PID. We then checked the cron jobs of the user and the root user, but we couldn't find anything there. So we used the systemctl command to see all the running services; here we found a suspicious process, and on further investigation we confirmed it was the malicious process. We then stopped the service using the systemctl command, disabled the service, and deleted it from the file system.
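The script below is an added example, not part of the original write-up or the tutorial. It shows one way to triage systemd unit files for the respawn behaviour described above, assuming the service came back because its unit sets Restart=. The unit names, paths and the "system directory" heuristic are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Heuristic triage of systemd
# units: a unit that sets Restart= and launches a binary from outside the
# usual system directories will bring a killed process back on a new PID.

# Print "unit<TAB>restart<TAB>binary" for suspicious *.service files in $1.
find_respawning_units() {
    for unit in "$1"/*.service; do
        [ -f "$unit" ] || continue
        # The last assignment wins in a unit file, so keep the final value.
        restart=$(sed -n 's/^[[:space:]]*Restart[[:space:]]*=[[:space:]]*//p' "$unit" | tail -n 1)
        case $restart in ''|no) continue ;; esac
        # Strip systemd's ExecStart prefix characters, then the arguments.
        bin=$(sed -n 's/^[[:space:]]*ExecStart[[:space:]]*=[[:space:]]*[-@:+!]*//p' "$unit" | tail -n 1)
        bin=${bin%% *}
        case $bin in
            /usr/bin/*|/usr/sbin/*|/usr/lib/*|/usr/libexec/*|/bin/*|/sbin/*|/lib/*) continue ;;
        esac
        printf '%s\t%s\t%s\n' "$(basename "$unit")" "$restart" "$bin"
    done
}

# Print (do not run) the cleanup steps from the write-up for unit $1 in
# directory $2. daemon-reload is an addition so systemd drops the deleted unit.
cleanup_plan() {
    printf 'systemctl stop %s\nsystemctl disable %s\nrm %s/%s\nsystemctl daemon-reload\n' \
        "$1" "$1" "$2" "$1"
}

# Constructed sample units (names and paths are made up for this example).
make_sample_units() {
    d=$(mktemp -d)
    printf '[Service]\nExecStart=/usr/sbin/sshd -D\nRestart=on-failure\n' > "$d/ssh.service"
    printf '[Service]\nExecStart=/usr/bin/backup --once\n' > "$d/backup.service"
    printf '[Service]\nExecStart=/tmp/.cache/gift --quiet\nRestart=always\nRestartSec=5\n' > "$d/gift.service"
    printf '%s\n' "$d"
}

# Demo run against the constructed units; only gift.service is reported.
units=$(make_sample_units)
find_respawning_units "$units"
rm -rf "$units"
```

On a real host the directory to pass would be wherever local unit files live, commonly /etc/systemd/system, and every hit still needs manual review before anything is deleted.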