Product
medium
advisory
AppArmor Policy Interface Tampering
3 rules 1 TTPDetection of unauthorized access to AppArmor kernel policy control interfaces, specifically the `.load`, `.replace`, or `.remove` files, indicating potential defense evasion or policy tampering on Linux systems.
AppArmor
defense-evasion
linux
3r
1t
medium
advisory
AppArmor Profile Compilation via apparmor_parser
2 rules 1 TTPAdversaries may abuse `apparmor_parser` to compile custom AppArmor profiles, potentially weakening security controls and facilitating privilege escalation on Linux systems.
AppArmor
defense-evasion
linux
2r
1t