Tag
medium
advisory
Suspicious XDG-Open Command Execution on Linux
1 rule 2 TTPsThis brief details a detection rule for the `xdg-open` command on Linux systems, which attackers abuse to trick users into opening malicious documents or URLs, leading to user execution and potential system compromise.
endpoint
linux
execution
user-execution
initial-access
detection-rule
1r
2t
medium
advisory
Shell Execution via Elastic Endpoint on Linux
1 rule 3 TTPsThis brief details the detection of shell command execution initiated by the Elastic Endpoint agent on Linux systems, indicating potential post-exploitation activity such as remote access or command and control via misuse of the endpoint's response capabilities.
Elastic Endpoint +2
linux
endpoint-security
command-and-control
defense-evasion
execution
detection-rule
1r
3t