high
advisory
Potential Privilege Escalation via SUID/SGID on Linux
3 rules, 2 TTPs
This rule detects potential privilege escalation under the root effective user when the real user and parent user are not root, indicative of the execution of binaries with SUID or SGID bits set, often exploited by adversaries to gain elevated access on Linux systems.
Elastic Endpoint Security
privilege-escalation
suid
sgid
linux
medium
advisory
Potential Privilege Escalation via SUID/SGID on Linux
2 rules, 2 TTPs
Attackers may leverage misconfigured SUID/SGID permissions on Linux systems to escalate privileges to root or establish persistence by executing processes with root privileges initiated by non-root users.
Elastic Defend
privilege-escalation
persistence
defense-evasion
suid
sgid
medium
advisory
Potential Privilege Escalation via SUID/SGID Abuse on Linux
2 rules, 3 TTPs
This rule detects potential privilege escalation attempts on Linux systems by identifying processes running with root privileges but initiated by non-root users, indicative of SUID/SGID abuse.
Elastic Defend
privilege-escalation
persistence
suid
sgid