Linux Post-Exploitation
Description
This analytic story identifies popular Linux post-exploitation tools such as autoSUID, LinEnum, LinPEAS, Linux Exploit Suggesters, and MimiPenguin.
- Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
- Datamodel: Endpoint
- Last Updated: 2021-12-03
- Author: Rod Soto
- ID: d310ccfe-5477-11ec-ad05-acde48001122
Narrative
These tools allow operators to find possible exploits or privilege-escalation paths based on SUID binaries, user permissions, kernel version and distro version.
Detections
| Name | Technique | Type |
|---|---|---|
| Suspicious Linux Discovery Commands | Unix Shell | TTP |
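To show the detection idea behind a "Suspicious Linux Discovery Commands" style rule, here is an added Python example (not the Splunk search from this story and not code from the Splunk Security Content project): it replays constructed process-execution events and flags a host/user that runs several distinct discovery commands within a short window. The command prefixes, the 60-second window and the threshold of four are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed command prefixes that enumeration scripts issue in quick succession
# (identity, kernel, distro and SUID checks). Illustrative, not the story's own logic.
DISCOVERY_PATTERNS = (
    "uname -a", "id", "whoami", "cat /etc/passwd", "cat /etc/os-release",
    "cat /etc/issue", "lsb_release", "find / -perm -4000", "sudo -l",
)

def matched_pattern(cmdline):
    """Return the discovery pattern a command line matches, or None."""
    c = " ".join(cmdline.split())  # normalise whitespace
    for p in DISCOVERY_PATTERNS:
        if c == p or c.startswith(p + " "):
            return p
    return None

def find_discovery_bursts(events, window_seconds=60, threshold=4):
    """Flag each (host, user) running >= threshold distinct discovery commands
    inside a sliding window; events are dicts with ISO 'ts', 'host', 'user', 'cmdline'."""
    hits = defaultdict(list)
    for e in events:
        p = matched_pattern(e["cmdline"])
        if p:
            hits[(e["host"], e["user"])].append((datetime.fromisoformat(e["ts"]), p))
    window = timedelta(seconds=window_seconds)
    alerts = []
    for (host, user), seq in hits.items():
        seq.sort()  # order by timestamp so the window scan is linear
        for i, (t0, _) in enumerate(seq):
            distinct = {p for t, p in seq[i:] if t - t0 <= window}
            if len(distinct) >= threshold:
                alerts.append({"host": host, "user": user,
                               "first_seen": t0.isoformat(),
                               "commands": sorted(distinct)})
                break  # one alert per host/user is enough
    return alerts

# Constructed sample events: web01/www-data shows a burst, db01/admin does not.
SAMPLE_EVENTS = [
    {"ts": "2021-12-03T10:00:00", "host": "web01", "user": "www-data", "cmdline": "uname -a"},
    {"ts": "2021-12-03T10:00:05", "host": "web01", "user": "www-data", "cmdline": "id"},
    {"ts": "2021-12-03T10:00:12", "host": "web01", "user": "www-data", "cmdline": "cat /etc/passwd"},
    {"ts": "2021-12-03T10:00:30", "host": "web01", "user": "www-data", "cmdline": "find / -perm -4000 -type f"},
    {"ts": "2021-12-03T10:00:31", "host": "db01", "user": "admin", "cmdline": "id"},
    {"ts": "2021-12-03T14:00:00", "host": "db01", "user": "admin", "cmdline": "uname -a"},
    {"ts": "2021-12-03T14:00:02", "host": "db01", "user": "admin", "cmdline": "ls -la /tmp"},
]
```

Tune the window and threshold against your own baseline, since administrators running one or two of these commands by hand should not trip the rule.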
Reference
source | version: 1