Scenario

OS Forensics Simulation Documentation - Simplified

1. SETUP ENVIRONMENT

  • [x] Screenshot: wsl --list showing Kali & Ubuntu

  • [x] Screenshot: SSH service running on Ubuntu (systemctl status ssh)

  • [x] Screenshot: Network IP of both WSL instances (ip addr)

  • [x] Explanation: WSL networking and SSH setup

2. BACKDOOR DEPLOYMENT

  • [x] Screenshot: File monitor script (file_monitor.sh)

  • [x] Screenshot: Script running in background (ps aux | grep monitor)

  • [x] Screenshot: Log directory created (ls -la /tmp/.logs/)

  • [ ] Explanation: Technique for stealthy monitoring of filesystem events

3. VICTIM ACTIVITIES

  • [ ] Screenshot: ZIP creation with password (zip -P "password" file.zip)

  • [ ] Screenshot: Environment variable holding the password (echo $ARCHIVE_PASSWORD)

  • [ ] Screenshot: Bash history showing sensitive commands

  • [ ] Explanation: Password leakage via environment variables

4. LOG CAPTURE & ANALYSIS

  • [ ] Screenshot: Real-time log file (tail -f /tmp/.system_activity.log)

  • [ ] Screenshot: Base64 decoded log entries

  • [ ] Screenshot: Password extraction from logs

  • [ ] Explanation: Log analysis for credential harvesting

5. ATTACK EXECUTION

  • [ ] Screenshot: SSH connection from Kali to Ubuntu

  • [ ] Screenshot: Remote log access (cat /tmp/.system_activity.log)

  • [ ] Screenshot: Password testing (unzip -t secret.zip)

  • [ ] Explanation: Remote access and credential validation

6. ZIP COMPROMISE

  • [ ] Screenshot: Successful ZIP extraction with the stolen password

  • [ ] Screenshot: Sensitive file contents revealed

  • [ ] Explanation: Impact of credential theft

7. FORENSIC EVIDENCE

  • [ ] Screenshot: Timeline reconstruction from logs

  • [ ] Screenshot: Attack chain visualization

  • [ ] Screenshot: Security gaps identified

  • [ ] Explanation: Forensic analysis methodology and findings

Total: ~20 screenshots + 7 technical explanations

KEY FOCUS AREAS:

  1. Password Leakage - Environment variables & bash history

  2. Log Monitoring - Stealth file system monitoring

  3. Remote Access - SSH exploitation

  4. Credential Harvesting - Extract passwords from logs

  5. Impact Demonstration - Sensitive data access

Documentation

I will put the simulation documentation and its explanations here.

SISOPOS Forensic Simulation Explanation
