Analytics Story: Linux Post-Exploitation
Description
This analytic story identifies popular Linux post exploitation tools such as autoSUID, LinEnum, LinPEAS, Linux Exploit Suggesters, MimiPenguin.
Why it matters
These tools allow operators find possible exploits or paths for privilege escalation based on SUID binaries, user permissions, kernel version and distro version.
Detections
| Name | Technique | Type |
|---|---|---|
| Suspicious Linux Discovery Commands | Unix Shell | TTP |
Data Sources
| Name | Platform | Sourcetype | Source |
|---|---|---|---|
| Sysmon for Linux EventID 1 |  Linux |
sysmon:linux |
Syslog:Linux-Sysmon/Operational |
References
Source: GitHub | Version: 1