Linux Shell Invocation via Env Command
The 'env' command can be abused to invoke a shell on Linux systems, potentially bypassing restricted environments or escalating privileges to execute arbitrary commands.
The 'env' command in Linux is normally used to run a program in a modified environment (for example `env -i PATH=/tmp prog`) without altering the caller's own environment variables. Because env simply execs whatever program follows its options and VAR=value assignments, an attacker can use it to start a shell directly, e.g. `env /bin/sh`. This is a common way to break out of a restricted shell, and it becomes a privilege-escalation path when env itself runs with elevated rights, such as a sudo rule that permits `env` or a setuid copy of the binary. This activity matters for defenders because it can indicate an attacker attempting to gain…
Detection coverage: 2 rules
Shell Invocation via Env Command - Linux (severity: high)
Detects the use of the env command to invoke a shell, potentially indicating an attempt to bypass restricted environments or escalate privileges.
Shell Invocation via Env Command - Linux - Alternative Path (severity: high)
Detects the use of the env command to invoke a shell, potentially indicating an attempt to bypass restricted environments or escalate privileges. This rule covers alternative paths to the env binary.
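The following Python is an added example, not the rule logic behind the two detections above and not code from the original page. It shows how a detection for env-spawned shells has to be written to survive the obvious evasions: env's own options (`-i`, `-u VAR`, `-C dir`), leading `VAR=value` assignments, and `-S`/`--split-string`, all of which sit between `env` and the shell on the command line. The process-creation events are constructed inline; the field names `Image` and `CommandLine` follow the Sysmon-for-Linux / Sigma `process_creation` convention and are an assumption here, as is the split between "primary" env paths (`/usr/bin/env`, `/bin/env`) and "alternative" paths (any other location of a binary named `env`), which mirrors the two-rule layout above without claiming to reproduce it.

```python
import os
import re
import shlex
from typing import Optional

# Shells an attacker would ask env to exec. Matched on basename so that both
# "env bash" and "env /usr/bin/bash" hit.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh", "fish", "ash"}

# Assumed canonical env locations; any other path ending in /env is treated as
# an "alternative path" hit (mirrors the two rules, not their exact logic).
PRIMARY_ENV_PATHS = {"/usr/bin/env", "/bin/env"}

# NAME=value tokens that env consumes as environment assignments.
ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")

# env options that take a separate argument and therefore consume two tokens.
OPTS_WITH_ARG = {"-u", "--unset", "-C", "--chdir"}


def _walk(rest: list) -> Optional[str]:
    """Skip env's options and assignments; return the program env would exec."""
    while rest:
        tok = rest[0]
        if tok in ("-S", "--split-string"):
            # `env -S "/bin/sh -c id"`: the next token is re-split into argv.
            if len(rest) < 2:
                return None
            rest = shlex.split(rest[1]) + rest[2:]
        elif tok.startswith("--split-string="):
            rest = shlex.split(tok.split("=", 1)[1]) + rest[1:]
        elif tok.startswith("-S") and len(tok) > 2:
            rest = shlex.split(tok[2:]) + rest[1:]
        elif tok in OPTS_WITH_ARG:
            rest = rest[2:]
        elif tok.startswith("-"):          # -i, -0, --ignore-environment, "-"
            rest = rest[1:]
        elif ASSIGNMENT.match(tok):        # PATH=/tmp, LD_PRELOAD=..., etc.
            rest = rest[1:]
        else:
            return tok
    return None                            # bare "env": just prints the environment


def env_target(cmdline: str) -> Optional[str]:
    """Return the program env execs for this command line, or None."""
    try:
        return _walk(shlex.split(cmdline)[1:])
    except ValueError:                     # unbalanced quotes in the log line
        return None


def classify(event: dict) -> Optional[dict]:
    """Classify one process-creation event; None means no detection."""
    image = event.get("Image", "")
    if os.path.basename(image) != "env":
        return None
    target = env_target(event.get("CommandLine", ""))
    if target is None or os.path.basename(target) not in SHELLS:
        return None
    rule = "primary" if image in PRIMARY_ENV_PATHS else "alternative_path"
    return {"rule": rule, "shell": target}


def run_detection(events: list) -> list:
    """Return (index, result) for every event that triggers."""
    hits = []
    for i, ev in enumerate(events):
        res = classify(ev)
        if res is not None:
            hits.append((i, res))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": "/usr/bin/env", "CommandLine": "/usr/bin/env /bin/sh"},
    {"Image": "/usr/bin/env", "CommandLine": "env -i PATH=/tmp /bin/bash -p"},
    {"Image": "/usr/bin/env", "CommandLine": "env -S '/bin/sh -c id'"},
    {"Image": "/opt/tools/bin/env", "CommandLine": "/opt/tools/bin/env bash"},
    {"Image": "/usr/bin/env", "CommandLine": "env python3 script.py"},   # benign
    {"Image": "/usr/bin/env", "CommandLine": "env"},                     # benign
    {"Image": "/bin/sh", "CommandLine": "sh -c 'env | grep PATH'"},      # not env
]

if __name__ == "__main__":
    for idx, hit in run_detection(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["CommandLine"], "->", hit)
```

The point of walking env's argument grammar rather than grepping the command line for `sh` is precision in both directions: `env python3 script.py` and a bare `env` do not fire, while `env -i PATH=/tmp /bin/bash -p` and the `-S` form do. Matching the env binary on its basename, then labelling non-canonical locations separately, gives the "alternative path" signal without a second copy of the parser.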