T0250
Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
Skill drills that exercise this task
- CSCD240-E1-A-Q41 Explain the setuid bit in 1-2 sentences using the term "effective user ID".
- CSCD240-E1-B-Q04 Print the groups your user belongs to.
- CSCD240-E1-B-Q06 Owner triad shows rws instead of rwx. Name the bit.
- CSCD240-E1-B-Q07 What does the setuid bit cause when the file is executed? Use "effective user ID".
- CSCD240-E1-B-Q08 Who owns /usr/bin/passwd in the ls -l line? Why does that matter for setuid?
- CSCD240-E1-B-Q09 Convert rwsr-xr-x to 4-digit octal including special bits.
- CSCD240-E1-B-Q10 Locate every setuid-root file on the filesystem; suppress permission-denied noise.
- CSCD240-E1-B-Q14 Find every world-writable regular file under /var (common misconfig indicator).
- CSCD240-E1-B-Q23 Recursively search /etc for any file containing "password=" and print only filenames.
- CSCD240-E1-C-Q04 A -rwsr-xr-x file owned by root. Execution causes what?
- CSCD240-E1-C-Q13 Find every regular file under /var that is world-writable.
- CSCD240-E1-C-Q18 chmod 4755 /opt/app/runner — which bit was set?
- CSCD240-E1-C-Q41 -rwsrwxrwx root root .xhelper in /tmp. Why alarming?
- CSCD240-E1-C-Q46 .bashrc contains alias ls='rm -rf'. Consequence if planted and user opens a new shell?