Analytics Story: Linux Post-Exploitation

Description

This analytic story identifies popular Linux post exploitation tools such as autoSUID, LinEnum, LinPEAS, Linux Exploit Suggesters, MimiPenguin.

Why it matters

These tools allow operators find possible exploits or paths for privilege escalation based on SUID binaries, user permissions, kernel version and distro version.

Detections

Name ▲▼ Technique ▲▼ Type ▲▼
Suspicious Linux Discovery Commands Unix Shell TTP

Data Sources

Name ▲▼ Platform ▲▼ Sourcetype ▲▼ Source ▲▼
CrowdStrike ProcessRollup2 N/A crowdstrike:events:sensor crowdstrike
Sysmon EventID 1 Windows icon Windows xmlwineventlog XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
Windows Event Log Security 4688 Windows icon Windows xmlwineventlog XmlWinEventLog:Security

References


Source: GitHub | Version: 1