You're reading from CompTIA CySA+ (CS0-003) Certification Guide Pass the CySA+ exam on your first attempt with complete topic coverage, expert tips, and practice resources

Product type Paperback

Published in Apr 2025

Publisher Packt

ISBN-13 9781835468920

Length 742 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Jonathan Isley

View More author details

Table of Contents (19) Chapters

Preface

1. Chapter 1: IAM, Logging, and Security Architecture FREE CHAPTER

2. Chapter 2: Attack Frameworks

3. Chapter 3: Incident Response Preparation and Detection

4. Chapter 4: Incident Response – Containment, Eradication, Recovery, and Post-Incident Activities

5. Chapter 5: Efficiency in Security Operations

6. Chapter 6: Threat Intelligence and Threat Hunting

7. Chapter 7: Indicators of Malicious Activity

8. Chapter 8: Tools and Techniques for Malicious Activity Analysis

9. Chapter 9: Attack Mitigations

10. Chapter 10: Risk Control and Analysis

11. Chapter 11: Vulnerability Management Program

12. Chapter 12: Vulnerability Assessment Tools

13. Chapter 13: Vulnerability Prioritization

14. Chapter 14: Incident Reporting and Communication

15. Chapter 15: Vulnerability Management Reporting and Communication

16. Chapter 16: Accessing the Online Practice Resources

17. Index

Why Subscribe?

18. Other Books You May Enjoy

Activity 7.2: Log Analysis, Privilege Escalation, Persistence and IOCs

This activity will present you with the opportunity to review a bash command history log file as related to a recent security issue. You will be looking for malicious commands found in the log file.

Scenario

The IT team at a company discovered that sensitive financial data from a Linux server was leaked online. This data should have only been accessible by the admin user with elevated privileges. Security logs show that the server’s web interface, running a Python-based application, was accessed by an unauthorized party using the web-service user account. According to the developers, the application has been configured to block file uploads that could introduce malicious scripts. A Bash history log from the server is available for review. Can you find out more about what happened?

You will analyze the following Bash command history log file to respond to the questions and understand more about the...