Here's a fun #Linux #DFIR #CommandLine #Trivia question with a little #RedTeam flavor.
You find the following commands in /root/.bash_history:
lsof -c /ssh/ | awk '$5 == "unix" && $NF != "socket" {print $3, $NF}'
export… infosec.exchange/@hal_pomera…
Nov 15, 2022 · 2:45 PM UTC
Props to 🐘ilikepi@hachyderm.io for checking in with the first correct answer to yesterday's Linux DFIR command line trivia.
Let's break this down line by line:
1. The lsof pipeline grabs the username and path name of all ssh-agent sockets as well as… infosec.exchange/@hal_pomera…
