Description

This analytic story identifies popular Linux post-exploitation tools such as autoSUID, LinEnum, LinPEAS, Linux Exploit Suggesters, and MimiPenguin.

  • Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
  • Datamodel: Endpoint
  • Last Updated: 2021-12-03
  • Author: Rod Soto
  • ID: d310ccfe-5477-11ec-ad05-acde48001122

Narrative

These tools allow operators to find possible exploits or privilege escalation paths based on SUID binaries, user permissions, kernel version, and distribution version.

Detections

Name                                  Technique    Type
Suspicious Linux Discovery Commands   Unix Shell   TTP
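The enumeration scripts named in this story all run a recognisable burst of discovery commands (SUID searches, kernel and distro version checks, sudo rights, identity lookups) from one host within a short time. The following is an added example, not Splunk's own detection logic or the search behind "Suspicious Linux Discovery Commands": a small Python detector that classifies process-execution events by command pattern and raises an alert when one host/user pair runs several distinct discovery categories inside a sliding window. The command patterns, the five-minute window, the threshold of four categories, and the sample events are all assumptions constructed for this illustration.

```python
"""Added example: flag bursts of Linux discovery commands per host/user.

Mirrors the idea behind the "Suspicious Linux Discovery Commands" detection,
but the patterns, window and threshold below are assumed, not the real search.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed command-line patterns typical of SUID / privilege-escalation
# enumeration scripts (label, regex matched against the full command line).
DISCOVERY_PATTERNS = [
    ("suid_search",    re.compile(r"\bfind\b.*-perm\b.*(?:-4000|/4000|-u=s|u\+s)")),
    ("kernel_version", re.compile(r"\buname\s+-[a-z]*r|\buname\s+-a\b")),
    ("distro_version", re.compile(r"\bcat\s+/etc/(?:issue|os-release|lsb-release)")),
    ("sudo_rights",    re.compile(r"\bsudo\s+-l\b")),
    ("identity",       re.compile(r"^(?:id|whoami)\b")),
    ("capabilities",   re.compile(r"\bgetcap\s+-r\b")),
]

WINDOW = timedelta(minutes=5)   # assumed correlation window
THRESHOLD = 4                   # assumed: distinct categories needed to alert


def classify(cmdline):
    """Return the discovery label a command line matches, or None if benign."""
    for label, pattern in DISCOVERY_PATTERNS:
        if pattern.search(cmdline):
            return label
    return None


def detect(events, window=WINDOW, threshold=THRESHOLD):
    """events: dicts with 'time' (ISO 8601), 'host', 'user', 'cmdline'.

    Groups discovery hits per (host, user), slides a window over them and
    returns one alert per pair whose window holds >= threshold categories.
    """
    per_pair = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        label = classify(ev["cmdline"])
        if label is None:
            continue
        per_pair[(ev["host"], ev["user"])].append(
            (datetime.fromisoformat(ev["time"]), label))

    alerts = []
    for (host, user), hits in per_pair.items():
        for i, (start, _) in enumerate(hits):
            in_window = [(t, l) for t, l in hits[i:] if t - start <= window]
            labels = {l for _, l in in_window}
            if len(labels) >= threshold:
                alerts.append({
                    "host": host,
                    "user": user,
                    "labels": sorted(labels),
                    "first": in_window[0][0].isoformat(),
                    "last": in_window[-1][0].isoformat(),
                })
                break  # one alert per host/user pair is enough here
    return alerts


# Constructed sample events: a six-second enumeration burst on web01 and
# routine, widely spaced admin commands on db01 that should not alert.
SAMPLE_EVENTS = [
    {"time": "2021-12-03T10:00:01", "host": "web01", "user": "www-data", "cmdline": "id"},
    {"time": "2021-12-03T10:00:02", "host": "web01", "user": "www-data", "cmdline": "uname -a"},
    {"time": "2021-12-03T10:00:03", "host": "web01", "user": "www-data", "cmdline": "cat /etc/os-release"},
    {"time": "2021-12-03T10:00:05", "host": "web01", "user": "www-data", "cmdline": "find / -perm -4000 -type f 2>/dev/null"},
    {"time": "2021-12-03T10:00:06", "host": "web01", "user": "www-data", "cmdline": "sudo -l"},
    {"time": "2021-12-03T09:00:00", "host": "db01", "user": "ops", "cmdline": "uname -r"},
    {"time": "2021-12-03T09:45:00", "host": "db01", "user": "ops", "cmdline": "cat /etc/os-release"},
    {"time": "2021-12-03T10:30:00", "host": "db01", "user": "ops", "cmdline": "ls -la /var/log"},
]


def run_sample():
    """Run the detector over the constructed events and return its alerts."""
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The per-pair sliding window is what separates an enumeration script from an administrator who happens to check the kernel version in the morning and the distro release an hour later: both hosts produce discovery hits, but only web01 accumulates several distinct categories within the window. Tuning the threshold and window against your own baseline of admin activity is the main lever for keeping false positives down.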

Reference

source | version: 1