When Macs Get Hacked - SANS Computer Forensics

Log Analysis:Privilege Escalationsu• 5/27/12 8:54:21.646 PM su: BAD SU oompa to rooton /dev/ttys001!• 5/28/12 8:57:44.032 PM su: oompa to root on /dev/ttys000!sudo• 5/27/12 8:48:15.790 PM sudo: oompa :TTY=ttys000 ; PWD=/Users/oompa/Documents ;USER=root ; COMMAND=/usr/bin/iosnoop!oompa@csh.rit.edu | @iamevltwin