Analytics Story: Linux Post-Exploitation

Description

This analytic story identifies popular Linux post exploitation tools such as autoSUID, LinEnum, LinPEAS, Linux Exploit Suggesters, MimiPenguin.

Why it matters

These tools allow operators find possible exploits or paths for privilege escalation based on SUID binaries, user permissions, kernel version and distro version.

Detections

Name ▲▼ Technique ▲▼ Type ▲▼
Suspicious Linux Discovery Commands Unix Shell TTP

Data Sources

Name ▲▼ Platform ▲▼ Sourcetype ▲▼ Source ▲▼
Sysmon for Linux EventID 1 Linux icon Linux sysmon:linux Syslog:Linux-Sysmon/Operational

References


Source: GitHub | Version: 1