Skip to main content



How attacker alter the history in Linux:

During incident response and threat hunting activity, the analyst collects important artifacts, logs from the suspected system or victim machine. When the Linux environment as the infected device OS, then executed commands list by attackers will give you the detail of how infection flows into the system. In order to get that list 'History' is the command used to get the list.

Let's see how attacker modifies the history:

For instance, I try to print a sentence as "this is hacker" using echo command.

Once print was done then check the history. It shows the echo command as the serial number 595.

Now go back to the terminal and press upper arrow where we find the echo "this is hacker" statement. Just backspace that content and rewrite whatever you wish. In this case, I wrote, "this is not hacker". But don't enter that command, just push the down arrow and go for empty command. Hit the history and check the list.

 Currently, we unable to see t…

Latest Posts

Usoclient.exe Command window popup

EKFiddle team updated regex for drive by Mining via Drupal attack

Phishing campaign - Netflix

Bug Hunter's Notepad

Details of Lokibot - Malspam

Interesting File in VT:

Microsoft Patch Tuesday for April 2018:

Analysis of Potentially Unwanted Application

Is it possible for internet service provider to serve popup ads in the user machine?

Analysis of Foreign Ransomware

Google Plus: