Become the Master Triager
Ping/Port/Parse (14:00 of the stream)
Ping
Port
Is the port/process alive and running?
Parse
Parse those log files to figure out what's happening
Learning Bash is critical
John Strand recommended a book, but I missed it, and can't be arsed to find it in the video. It may be the Amazon link, but anyway, here are some sources to get started:
Linux
On Linux, everything is a file.
It's the OS that's in basically everything, so get used to it.
It comes in a variety of distributions or "distros"
Don't get distracted with the distros
Most of them are built on a core version (like Debian or Arch) and have various quality-of-life or customization features added (like Ubuntu, Mint, SteamOS, or Kali).
There are many Unix-like OSes, like Linux, macOS, and FreeBSD
They often function similarly, but will have different command structures for the same task, like app installation or network interface configuration
Users and privileges
Becoming SU
sudo su -
Plain sudo runs one command as root while you stay your normal user; sudo su - starts a root login shell, so the session is actually BEING root (root's environment and all) rather than running as your user AS root
Resources if you get lost
WHEN IN DOUBT: You can always learn about a command by running man <command>, like man pwd
die.net
Various Linux manual pages
explainshell.com
Copy and paste an entire line of shell commands to have each section broken down and identified clearly
File directories
Root directory - Description (notes, where there are any)
/boot - Boot loader files
/dev - Device files
/etc - System configuration files
/home - User home directories
/lib - Libraries and kernel modules
/media - Removable media mount point
Should have just been /mnt, but HERE WE ARE
/mnt - Mount point for temporarily mounted file systems
/opt - Add-on application software packages
/bin - User binaries
/sbin - System binaries
/srv - Data for services
/tmp - Temporary files
/usr - User utilities and applications
/var - Variable files
/root - Root user's home directory
/proc - Virtual file system
Navigating Linux and directories
cd
Change directory
Running cd with no argument takes you back to your home directory
cd /proc
/proc is the virtual file system, and contains information about running processes
ls
Show any visible (non-hidden) files
ls -lrta
Long listing (-l) of all files including hidden ones (-a), sorted by modification time (-t) in reverse (-r), so the newest files end up at the bottom next to your prompt
mkdir
Make a directory
locate [string]
It will search a file index to look for and list any locations
sudo updatedb
Refreshes the index that locate searches, so new files show up
vi
Universally available text editor in Linux
Not the same as Vim, which stands for "Vi IMproved" and may not be installed
vi [file name]
Opens a file in "vi" text editor
vi editing commands
a - start editing (insert mode)
Esc - stop editing (back to command mode)
: - enter a command for vi
:wq! - write the file and quit, ignoring errors; the pieces are:
w - write
q - quit
! - force/ignore errors
Running Processes
ps aux
Shows all processes
a - processes of all users, not just your own
u - user-oriented format (shows the owning user, CPU and memory use)
x - also include processes without a controlling terminal (tty), like daemons
How to Use the ps aux Command in Linux | Linode Docs
top
Shows live processes
Networking and file management
ip a
Replacement for ifconfig, shows network interface configuration and various stats
If it's not installed, you can install the iproute2 package from apt
ifconfig is no longer installed by default on newer versions of Linux, so you should get used to running ip a
However, if necessary, you can install net-tools (sudo apt install net-tools) to get it back
netstat
Displays active network connections
a - all listening and non-listening (e.g. established) connections
Listening sockets are waiting for a connection
Established sockets have an active connection
t - TCP connections
u - UDP connections
lsof
List open files
lsof -i -P
Lists every open network file (socket) along with the process that owns it
i - Shows all open network files
You can also specify an IP address to narrow it down to a specific host
P - Don't convert port numbers to service names
Can make lsof run faster, since it skips the lookups
The output shows what each process has open: pipes, backpipes, the port it's listening on, etc.
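The Ping/Port/Parse routine from the top of the notes, using the netstat output described above, as an added example (my own shell script, not code from the stream). The netstat and auth.log samples inside it are constructed for the example; on a live box you would feed the real commands into the same functions.

```shell
#!/bin/sh
# Added example: Ping / Port / Parse as three small shell functions.
# The netstat and auth-log samples below are constructed, not real captures.

# --- Ping: is the host reachable at all? ---
host_alive() {           # usage: host_alive HOST  (exit 0 if one ICMP echo comes back)
  ping -c 1 -W 1 "$1" >/dev/null 2>&1
}

# --- Port: is the service listening? Reads `netstat -tuan` output on stdin. ---
# Prints "proto port" for each listening socket. netstat shows no State column for
# UDP, so a UDP socket with a wildcard foreign address is treated as listening.
listening_ports() {
  awk '$6 == "LISTEN" || ($1 ~ /^udp/ && ($5 == "0.0.0.0:*" || $5 == ":::*")) {
         n = split($4, a, ":"); print $1, a[n] }'
}
port_is_listening() {    # usage: netstat -tuan | port_is_listening tcp 22
  listening_ports | grep -qx "$1 $2"
}

# --- Parse: who is hammering sshd? Reads auth.log lines on stdin. ---
# Prints "count ip" for each source of failed password attempts, busiest first.
failed_logins_by_ip() {
  awk '/Failed password/ { for (i = 1; i <= NF; i++) if ($i == "from") c[$(i+1)]++ }
       END { for (ip in c) print c[ip], ip }' | sort -rn
}

SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*'

SAMPLE_AUTHLOG='Jan 10 10:01:02 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 10 10:01:05 host sshd[1234]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jan 10 10:02:00 host sshd[1240]: Accepted publickey for alice from 10.0.0.9 port 51300 ssh2
Jan 10 10:03:11 host sshd[1250]: Failed password for root from 198.51.100.4 port 40000 ssh2'

# Walk the constructed samples; on a live box replace the printf with the real commands.
printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports
printf '%s\n' "$SAMPLE_NETSTAT" | port_is_listening tcp 22 && echo "sshd is listening"
printf '%s\n' "$SAMPLE_AUTHLOG" | failed_logins_by_ip
```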
Nmap
Linux Terminal History
history
Shows the history of Bash commands for the current user
Relatively easy to evade: when HISTCONTROL includes ignorespace (ignoreboth is the default on many distros), a command typed with a leading space is never recorded, so don't treat .bash_history as a reliable audit trail
~$ ps aux
Will appear in the history
~$  ps aux (note the leading space)
Will NOT appear in the history