Detecting Bruteforcing

Linux

/var/log/ is the Linux directory where all security events (logs) are stored. Every SOC analyst at TBFC will confirm that the best way to find evil bunnies is to check the logs. Log files are usually very large, and looking through them with cat is not ideal, so let's use grep, a command that searches for specific text inside a file.

  • Navigate to the logs directory with cd /var/log and explore its content with ls.

  • Run grep "Failed password" auth.log to look for the failed logins inside the auth.log.
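
Added example (not part of the original walkthrough): the grep above lists every failed login, but bruteforcing shows up as many failures from the same source. This sketch counts failures per source address over constructed sample lines in the usual sshd auth.log layout; the function names and the threshold of 3 are assumptions.

```shell
#!/usr/bin/env bash
# Constructed sample lines in the sshd auth.log layout (not from a real host).
sample_log() {
cat <<'EOF'
Dec  1 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Dec  1 10:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 40002 ssh2
Dec  1 10:00:05 host sshd[1003]: Failed password for invalid user admin from 203.0.113.5 port 40003 ssh2
Dec  1 10:02:11 host sshd[1010]: Accepted password for alice from 192.0.2.10 port 51000 ssh2
Dec  1 10:03:40 host sshd[1015]: Failed password for alice from 198.51.100.7 port 52000 ssh2
Dec  1 10:04:02 host sshd[1020]: Failed password for root from 203.0.113.5 port 40004 ssh2
EOF
}

# failed_by_source FILE
# Prints "COUNT ADDRESS" for every source of failed logins, busiest first.
failed_by_source() {
  grep "Failed password" "$1" |
    # The address follows the last "from" on the line; scanning from the
    # right keeps a username that is literally "from" from being picked up.
    awk '{ for (i = NF - 1; i >= 1; i--) if ($i == "from") { print $(i + 1); break } }' |
    sort | uniq -c | sort -rn |
    awk '{ print $1, $2 }'   # drop the padding uniq -c adds
}

# suspects FILE THRESHOLD
# Prints only the addresses with at least THRESHOLD failed logins.
# The threshold is an assumption; tune it to the host's normal traffic.
suspects() {
  failed_by_source "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Demo on the constructed sample. On a real host, point the functions at
# /var/log/auth.log instead, e.g.: suspects /var/log/auth.log 3
demo_log=$(mktemp)
sample_log > "$demo_log"
echo "Failed logins per source:"
failed_by_source "$demo_log"
echo "Sources with 3 or more failures:"
suspects "$demo_log" 3
rm -f "$demo_log"
```

A single failure from one address, like the one for alice in the sample, is usually a typo; a run of failures from one address across several usernames is the pattern worth investigating.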
