Search files on compromised domains

Search for interesting data (IP, username, ...). /var/log, /home and /etc are useful places. Binary data inside a file can make grep treat the whole file as binary and stop printing its matching lines: use grep -nria (-a so that binary files are not skipped).
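The binary-file behaviour described above, shown as an added example that is not part of the original notes. It assumes GNU grep; the sample files, the user name, the documentation-range address and the function names are all constructed for illustration.

```shell
#!/bin/sh
# Added example: all sample data below is constructed.

# Build a small tree: one log with a NUL byte on its first line, one clean log.
make_sample() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/var/log"
    printf 'boot \000 marker\n' > "$dir/var/log/app.log"
    printf 'login user=alice from 192.0.2.10\n' >> "$dir/var/log/app.log"
    printf 'user=alice shell=/bin/sh\n' > "$dir/var/log/clean.log"
    printf '%s\n' "$dir"
}

# Default recursive search: a file classified as binary yields at most a
# "binary file matches" notice, never the matching line itself.
search_default() {
    grep -nri -- "$1" "$2" 2>&1
}

# Same search with -a: every file is read as text, so the line is printed.
search_text() {
    grep -nria -- "$1" "$2"
}

# Count result lines of the form file:lineno:content (notices are not counted).
count_lines() {
    printf '%s\n' "$1" | grep -c ':[0-9][0-9]*:'
}

sample=$(make_sample)
echo "--- grep -nri"
search_default 'user=alice' "$sample" || true
echo "--- grep -nria"
search_text 'user=alice' "$sample" || true
rm -rf "$sample"
```

The line in app.log carrying the address only appears in the second run; the first run shows the clean.log hit plus a notice that app.log matched.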