Lab 10
Chapter 24
🐧 Linux

Incident Response Simulation

Detect, analyze, contain, and recover from a simulated security incident.


📋 Tasks

1 Identify unexpected listening services
ss -tlnp
2 Investigate the suspicious process on port 4444
ps aux | grep nc
3 Check for suspicious processes sorted by CPU usage
ps aux | grep -v '\[' | sort -nrk 3 | head -10
4 Contain: Kill the suspicious processes
sudo kill -9 3847 3200
5 Block the attacker's network connections
sudo ufw deny from 10.0.0.55
6 Search for the malware artifacts
sudo find /tmp -name '.*' -type d
7 Remove the malware
sudo rm -rf /tmp/.hidden
8 Verify recovery — check that port 4444 is closed
ss -tlnp | grep 4444
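The detection and verification steps above (tasks 1, 6 and 8) can be scripted so they run the same way every time. The following is an added example written for this lab, not part of the lab's own material: it applies the lab's checks to a constructed `ss -tlnp` sample instead of a live host, so it runs offline. The allowlist of expected ports, the sample output and the process names in it are assumptions for the example; on a real host you would feed it `ss -tlnp` directly.

```shell
#!/bin/sh
# Added example (not part of the lab): incident-response triage helpers
# that mirror the lab's detection steps over constructed data.

# Constructed sample of `ss -tlnp` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      511    127.0.0.1:631     0.0.0.0:*     users:(("cupsd",pid=901,fd=7))
LISTEN 0      1      0.0.0.0:4444      0.0.0.0:*     users:(("nc",pid=3847,fd=3))'

# Ports this host is expected to listen on (assumption for the example).
ALLOWED_PORTS="22 631"

# unexpected_listeners: read ss-style output on stdin and print
# "port pid process" for every LISTEN line whose port is not allowlisted.
# Parsing the Local Address:Port field (not grepping the whole line) avoids
# false matches on PIDs, fds or peer addresses that happen to contain digits.
unexpected_listeners() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)          # keep text after the last colon
      if (port in ok) next
      pid = ""; proc = ""
      if (match($0, /pid=[0-9]+/)) pid = substr($0, RSTART + 4, RLENGTH - 4)
      if (match($0, /\("[^"]+"/))  proc = substr($0, RSTART + 2, RLENGTH - 3)
      print port, pid, proc
    }'
}

# port_is_closed PORT: succeed when no LISTEN line on stdin uses PORT.
# Anchoring on the port field means a service on e.g. 44440 cannot make
# `grep 4444` report the port as still open.
port_is_closed() {
  ! awk -v p="$1" '
    $1 == "LISTEN" { port = $4; sub(/.*:/, "", port); if (port == p) found = 1 }
    END { exit !found }'
}

# hidden_dirs DIR: list hidden directories directly under DIR, one per line
# (the lab's `find /tmp -name '.*' -type d`, limited to one level so DIR
# itself is never reported).
hidden_dirs() {
  find "$1" -mindepth 1 -maxdepth 1 -name '.*' -type d
}

# Stand-alone demonstration on the constructed data.
echo "Unexpected listeners (port pid process):"
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners

if printf '%s\n' "$SAMPLE_SS" | port_is_closed 4444; then
  echo "port 4444: closed"
else
  echo "port 4444: still listening"
fi

# Hidden-directory check against a scratch directory created for the demo.
scratch=$(mktemp -d)
mkdir "$scratch/.hidden" "$scratch/normal"
echo "Hidden directories under $scratch:"
hidden_dirs "$scratch"
rm -rf "$scratch"
```

On a live system, replace the sample with `ss -tlnp | unexpected_listeners` and `ss -tlnp | port_is_closed 4444`; the PIDs it reports are the ones to examine with `ps` before any containment step, and the same allowlist can be reused after recovery to confirm only expected services remain.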


🤔 Reflection

Write a one-page incident report documenting the timeline, findings, and remediation steps.
