Skip to main content

Posts

Showing posts from July, 2026

Linux IR

 Linux incident response cheat sheet... Download link of uac tool: https://github.com/tclahr/uac https://github.com/tclahr/uac/releases Please download the latest release of the tool from the above link. You will get the tool under Assets section for example named as: uac-3.3.0.tar.gz Setting up uac tool: Taking the tool to the victim/compromised machine: scp uac-3.3.0.tar.gz lab@192.168.10.135:/tmp scp uac-3.3.0.tar.gz lab@192.168.10.135: (if you do not give /tmp then the tool will be placed under that lab user home directory. Now provide the password of the target system) ssh lab@192.168.10.135 (Access the target system with creds) cd /tmp tar zxf uac-3.3.0.tar.gz cd uac-3.3.0/ sudo ./uac -p ir_triage /root (Run the tool using root user or with sudo privilege. -p for profile. Captured artifacts will be saved on /root directory)  Avi