How to find the program that was executed to compromise the user?
Hi! I am quite new to Wireshark so still trying to find my way around things. My task is to find the name of the program that was executed to compromise the user (i.e. a program that was carried out to give the attacker root privileges). My first instinct was to go through the HTTP requests; however, I am still having trouble identifying which programs were the ones that allowed the hacker to gain root access.
Could I please have some assistance?
Thanks!