Tag
medium
advisory
Potential Privilege Escalation via SUID/SGID on Linux
2 rules, 2 TTPs
Attackers may leverage misconfigured SUID/SGID permissions on Linux systems to escalate privileges to root or establish persistence by executing processes with root privileges initiated by non-root users.
Elastic Defend
privilege-escalation
persistence
defense-evasion
suid
sgid
medium
advisory
Potential Privilege Escalation via SUID/SGID Abuse on Linux
2 rules, 3 TTPs
This rule detects potential privilege escalation attempts on Linux systems by identifying processes running with root privileges but initiated by non-root users, indicative of SUID/SGID abuse.
Elastic Defend
privilege-escalation
persistence
suid
sgid