by notathing 2504 days ago
The biggest fail here was that 32-bit program warning, which probably alerted the employee.

Notice that they didn't actually have an alert for Firefox+Shell, they detected that later by inspecting the audit logs.

1 comments

> We detected the attacker at this stage, based on a number of behaviors (e.g. Firefox shouldn’t spawn a shell).

They explicitly state it was one of the behaviors they detected as suspicious.