blueteamsec

628 readers

45 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago

MODERATORS

digicat

witr: Why is this running? - Linux - It explains where a running thing came from, how it was started, and what chain of systems is responsible for it existing right now, in a single, human-readable (github.com)

submitted 1 month ago by digicat to c/blueteamsec

6 comments fedilink hide all child comments

top 6 comments

sorted by: hot top controversial new old

[–] eleijeep@piefed.social 11 points 1 month ago (1 children)

🤖 LLM generated README

Tools that interact with the system require a certain level of trust. For a 2 week old project (with 9k stars already?) with an AI generated README, I'll stick to the standard tools that already do this, thanks.

[–] AmbiguousProps@lemmy.today 3 points 1 month ago (1 children)

I'm interested in what the standard tools that do this are, got any names or links by chance?

[–] eleijeep@piefed.social 4 points 1 month ago (1 children)

I regularly use ps pstree lsof netstat ss and the /proc/ filesystem, and when containers are involved lsns nsenter and if it's flatpak sometimes flatpak enter

Learning how to use /proc/ is indispensable

[–] eleijeep@piefed.social 4 points 1 month ago (1 children)

And for realtime monitoring, in addition to your favourite top program for process info, there's also iostat and iftop which are very useful for IO and network monitoring respectively, but that's not really what the tool in this post was about.

[–] AmbiguousProps@lemmy.today 3 points 1 month ago

Cool, thanks! I knew some of those but not all of them. Appreciate it!

[–] Greddan@feddit.org 5 points 1 month ago