Team 9 Mar 28 4PM Dusty/Mandriva John/OTRS

An attacker on Dusty SSHed to John using the user jhale. They downloaded a script called linpeas.sh, which checks for privilege escalation possibilities, from 10.189.44.200 over HTTP. They logged in to the cmetzen account. We restored the Mandriva and OTRS systems from a known good state.