What happens next after threat actors enter the system? What commands do they run, and what goals do they aim to achieve? In this room, you'll find out by exploring common attack techniques, detecting them in logs, and analyzing a real-world cryptominer infection from start to finish.
Learning Objectives
- Explore how to identify Discovery commands in logs
- Learn common threats endangering servers
- Know how attackers upload malware onto their victims
- Practice your skills by uncovering a real cryptominer attack
Prerequisites
- Complete the Threat Detection 1 room
- Remind yourself of tactics and techniques
- Know basic commands like wget or grep
Lab Access
Before moving forward, start the lab by clicking the Start Machine button below. The machine will start in split view and will take about two minutes to load. In case the machine is not visible, you can click the Show Split View button at the top of the task. You may need to work as the root user for some tasks. To switch to root on the , please run sudo su.
Credentials
Alternatively, you can access the from your own -connected machine with the credentials below: