Modify a line in wtmp – Linux Accounting

The /var/log/wtmp file in a Linux system contains data about past user logins.  An attacker may want to modify this file as one of the steps they take in covering their track.  One may also want to modify utmp or btmp as well.  This same technique can be used. The … Continue reading

  • The postings and views on this site are my own and do not necessarily reflect the positions, strategies, or opinions of any current or previous employer.