28
My coworker Jake said to always check for hidden admin accounts after a breach
We had a small network issue at our office in Austin last month, and after we fixed it, Jake told me to run a specific command to list all user accounts. I found two I didn't recognize that were created right after the incident. Turns out, someone had tried to leave a backdoor. If I hadn't looked, they could have gotten back in anytime. What other simple checks do you guys do right after you think a problem is solved?
2 comments
christopher3851mo ago
Check for weird new tasks in the scheduler too, that's another favorite trick.
7
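An added example, not part of the thread: one way to script both checks mentioned above (accounts created right after the incident, new scheduled tasks) over an exported event log. It assumes Windows hosts with the relevant auditing enabled and a CSV export using the hypothetical column names shown; the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Windows Security event IDs worth reviewing after an incident.
WATCHED = {
    4720: "user account created",
    4732: "member added to local group",
    4698: "scheduled task created",
}

# Constructed sample export; column names and all values are invented.
SAMPLE_CSV = """TimeCreated,Id,Actor,Target,Group
2024-05-01T08:10:00,4720,helpdesk,newhire1,
2024-05-14T02:31:00,4624,jsmith,-,
2024-05-14T02:47:00,4720,jsmith,svc_backup2,
2024-05-14T02:48:00,4732,jsmith,svc_backup2,Administrators
2024-05-14T03:05:00,4698,jsmith,Updater2,
2024-05-20T09:00:00,4698,itadmin,NightlyBackup,
"""
INCIDENT_START = datetime(2024, 5, 14, 2, 0)  # constructed incident time


def post_incident_findings(csv_text, incident_start, window=timedelta(days=3)):
    """Return watched events that fall inside the window after the incident."""
    end = incident_start + window
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        event_id = int(row["Id"])
        when = datetime.fromisoformat(row["TimeCreated"])
        if event_id in WATCHED and incident_start <= when <= end:
            findings.append((when, event_id, row["Actor"], row["Target"], row["Group"]))
    return sorted(findings)


def new_admin_accounts(findings, admin_groups=("Administrators",)):
    """Accounts both created and added to an admin group inside the window."""
    created = {f[3] for f in findings if f[1] == 4720}
    promoted = {f[3] for f in findings if f[1] == 4732 and f[4] in admin_groups}
    return sorted(created & promoted)


if __name__ == "__main__":
    hits = post_incident_findings(SAMPLE_CSV, INCIDENT_START)
    for when, event_id, actor, target, group in hits:
        print(when.isoformat(), event_id, WATCHED[event_id], actor, target, group)
    print("Review first:", new_admin_accounts(hits))
```
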