
Wrote up a breakdown of the Linux find command from a SOC/incident-response angle — not just syntax, but how it's actually used in live investigations.
Covers things like:
- Catching a web shell using
-mtime+-permchecks - Hunting SUID/SGID binaries for privilege escalation risks
- Spotting world-writable dirs commonly used for malware staging
Full post here if useful: https://www.xpert4cyber.com/2026/07/linux-find-command-guide.html
Curious what commands others reach for first during an incident — always interesting to see how different teams triage under pressure.
Top comments (0)