Source: https://www.sandflysecurity.com/blog/compromised-linux-cheat-sheet/
Processes using large amounts of RAM (in top, press M to sort by memory use):
top
class Curl
{
    /**
     * A GET request to another site.
     *
     * Ex: Curl::get('http://google.com/') will return the standard curl response from google
     *
     * @param string $url     The url of the site
     * @param string $format  The response language (currently json or xml, they will be automatically parsed)
     * @param array  $options Any custom curl options that need to be added in the form of array(OPTION => 'value');
     */
    public static function get($url, $format = null, array $options = array())
    {
        $ch = curl_init($url);
        // RETURNTRANSFER is forced on; caller options fill in the rest (left operand wins on key clash)
        curl_setopt_array($ch, array(CURLOPT_RETURNTRANSFER => true) + $options);
        $body = curl_exec($ch);
        if ($format === 'json') { return json_decode($body, true); }
        return $format === 'xml' ? simplexml_load_string($body) : $body;
    }
}
<useragentswitcher>
  <folder description="Browsers - Windows">
    <folder description="Legacy Browsers">
      <useragent description="Arora 0.6.0 - (Vista)" useragent="Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/527 (KHTML, like Gecko, Safari/419.3) Arora/0.6 (Change: )" appcodename="" appname="" appversion="" platform="" vendor="" vendorsub=""/>
      <useragent description="Avant Browser 1.2" useragent="Avant Browser/1.2.789rel1 (http://www.avantbrowser.com)" appcodename="" appname="" appversion="" platform="" vendor="" vendorsub=""/>
      <useragent description="Chrome 4.0.249.0 (Win 7)" useragent="Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5" appcodename="" appname="" appversion="" platform="" vendor="" vendorsub=""/>
      <useragent description="Chrome 5.0.310.0 (Server 2003)" useragent="Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.310.0 Safari/532.9" appcodename="" appname=""
# On Controller node
# -e: print link-level headers, -n: no name resolution, -v: verbose, -i: interface
$ tcpdump -envi eth0 | grep -i gre          # GRE tunnel traffic on the physical NIC
$ tcpdump -envi br-int                      # integration bridge
$ tcpdump -envi br-tun                      # tunnel bridge
# Inside the router namespace: qr- is the tenant-network port, qg- the external gateway port
$ ip netns exec qrouter-d72adddf-4c02-4916-ae6d-16bfdaf59d99 tcpdump -nn -i qr-63ea2815-b5 icmp
$ ip netns exec qrouter-d72adddf-4c02-4916-ae6d-16bfdaf59d99 tcpdump -nn -i qg-e7110dba-a9 icmp
# -i takes an interface name, not an address; to follow one host, filter on it across all interfaces
$ tcpdump -env -i any host 192.168.122.163
$ tcpdump -envi br-ex                       # external bridge
$ tcpdump -i eth0 -n arp or icmp
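The commands above are run one hop at a time, which makes it hard to tell where a packet was lost. The script below is an added example (not from the OpenStack documentation): it discovers the qr-/qg- ports of a router namespace from `ip -o link` output and starts one tcpdump per hop at the same time, writing a pcap per interface so the captures can be compared afterwards. The namespace and port names are the ones used above; OUTDIR, the helper names and the capture length are assumptions. `timeout` is coreutils and the captures need root.

```shell
#!/bin/sh
# Capture one flow at every hop of the Neutron path simultaneously, one pcap per hop.
# Added example; namespace/port names are taken from the commands above, OUTDIR is a placeholder.
OUTDIR=${OUTDIR:-/tmp/neutron-trace}

# Interface names from `ip -o link` output on stdin, with the leading index and the
# "@ifN" veth peer suffix removed. Stdin-driven so it can be checked offline.
netns_ifaces() {
    awk -F': ' '{ sub(/@.*/, "", $2); print $2 }'
}

# Keep only the router's own ports: qr-* (tenant network side) and qg-* (external gateway).
router_ports() {
    netns_ifaces | grep -E '^(qr|qg)-'
}

# capture_hops SECONDS 'FILTER' NAMESPACE IFACE...
# Backgrounds one tcpdump per interface for SECONDS, writing $OUTDIR/<ns>-<iface>.pcap.
# NAMESPACE may be "" for host interfaces (eth0, br-int, br-tun, br-ex).
# FILTER is deliberately unquoted below so a multi-word BPF expression is split into args.
capture_hops() {
    secs=$1 filter=$2 ns=$3
    shift 3
    mkdir -p "$OUTDIR"
    for ifc in "$@"; do
        if [ -n "$ns" ]; then
            ip netns exec "$ns" timeout "$secs" tcpdump -nn -i "$ifc" -w "$OUTDIR/$ns-$ifc.pcap" $filter &
        else
            timeout "$secs" tcpdump -nn -i "$ifc" -w "$OUTDIR/host-$ifc.pcap" $filter &
        fi
    done
    wait
}

# Usage on the controller node (as root), e.g. while pinging from a VM:
#   ns=qrouter-d72adddf-4c02-4916-ae6d-16bfdaf59d99
#   ports=$(ip netns exec "$ns" ip -o link | router_ports)
#   capture_hops 20 'icmp' "$ns" $ports
#   capture_hops 20 'icmp or proto gre' "" eth0 br-int br-tun br-ex
# Afterwards, a per-hop packet count shows where the flow stops:
#   for f in "$OUTDIR"/*.pcap; do echo "$f: $(tcpdump -nn -r "$f" 2>/dev/null | grep -c '')"; done
```

Run the two capture_hops calls in separate shells (or background the first) so the namespace and host captures overlap in time; the hop whose pcap has fewer ICMP packets than the one before it is where to look.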
#!/usr/bin/env python
"""Simple server using epoll."""
from __future__ import print_function
from contextlib import contextmanager
import socket
import select
rem Disable the IPv6 transition tunnels (Teredo, 6to4, ISATAP): they carry IPv6 over IPv4
rem past IPv4-only filtering, so turn them off wherever IPv6 tunnelling is not needed.
netsh interface teredo set state disabled
netsh interface 6to4 set state disabled
rem Resets the Winsock catalog (removes injected LSPs); takes effect after a reboot.
netsh winsock reset
netsh interface isatap set state disabled
rem TCP stack tuning. The documented value is "disabled", not "disable". The global
rem congestionprovider and chimney parameters apply to Windows 7 / Server 2008 R2 era
rem releases; later releases take the congestion provider via the supplemental template.
netsh int tcp set global timestamps=disabled
netsh int tcp set heuristics disabled
netsh int tcp set global autotuninglevel=disabled
netsh int tcp set global congestionprovider=ctcp
netsh int tcp set supplemental Internet congestionprovider=CTCP
netsh int tcp set global chimney=disabled
filename|description|classification
000stthk.exe|Toshiba Hotkey Configuration|NONE
007ssinstall.exe|007 Spy Software|NONE
00thotkey.exe|Toshiba Keyboard Helper|NONE
123downloadsuk[1].exe|123Mania Hijacker|NONE
12popup.exe|12Ghosts Popup-Killer|NONE
153.exe|??? Dialer.W32.153 ???|MALICIOUS_SOFTWARE
180sainstalleradperform.exe|180Solutions Zango|NONE
180sainstallernusac.exe|180SearchAssistant|NONE
1xconfig.exe|SCM MicroSystems Helper|NONE
2portalmon.exe|2wSysTray|NONE
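Two of the checks on this page work on the same input, a process listing: the cheat-sheet item about processes using large amounts of RAM, and the name|description|classification list just above. The script below is an added example (not from either source) that runs both over `ps -eo pid,rss,comm` style output: it joins process names against the list, case-insensitively because the names are Windows filenames, reports names not in the list as UNKNOWN, and lists processes above an RSS threshold largest first. The database rows are copied from the list above; the process listing and the helper names are constructed for offline use.

```shell
#!/bin/sh
# Process triage against a known-process database and an RSS threshold.
# Added example; PROC_DB rows come from the list above, SAMPLE_PS is constructed.

# "name|description|classification" rows, as in the list above.
PROC_DB='153.exe|??? Dialer.W32.153 ???|MALICIOUS_SOFTWARE
123downloadsuk[1].exe|123Mania Hijacker|NONE
2portalmon.exe|2wSysTray|NONE'

# Constructed stand-in for: ps -eo pid,rss,comm --no-headers   (RSS in KiB)
SAMPLE_PS='1201 5120 2portalmon.exe
1337 2097152 153.exe
1400 3145728 java
1500 800 bash'

# classify_procs DB  < ps-lines
# Prints "pid name classification"; names absent from DB are reported as UNKNOWN.
# Lowercases both sides because Windows filenames are case-insensitive.
classify_procs() {
    awk -v db="$1" '
        BEGIN {
            n = split(db, rows, "\n")
            for (i = 1; i <= n; i++) { split(rows[i], f, "[|]"); cls[tolower(f[1])] = f[3] }
        }
        NF >= 3 {
            name = tolower($3)
            c = (name in cls) ? cls[name] : "UNKNOWN"
            print $1, $3, c
        }'
}

# big_rss LIMIT_KIB  < ps-lines
# Prints "pid rss name" for processes whose RSS exceeds LIMIT_KIB, largest first:
# the scriptable counterpart of sorting top by memory.
big_rss() {
    awk -v limit="$1" 'NF >= 3 && $2 + 0 > limit + 0 { print $1, $2, $3 }' | sort -k2,2nr
}

# Demo on the constructed listing; on a live host feed in: ps -eo pid,rss,comm --no-headers
printf '%s\n' "$SAMPLE_PS" | classify_procs "$PROC_DB" | grep -v ' NONE$'
printf '%s\n' "$SAMPLE_PS" | big_rss 1048576
```

UNKNOWN is the interesting bucket in practice: a name the list has never seen deserves the same look as a MALICIOUS_SOFTWARE hit, since an attacker picks names that are not in anyone's list.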