{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/sudoers/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["persistence","privilege-escalation","linux","sudoers"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe sudoers.d directory on Linux systems is designed to allow administrators to manage sudo privileges by adding individual files rather than modifying the main /etc/sudoers file. An attacker who gains initial access to a system can exploit this by creating or modifying files within this directory to grant themselves or other malicious actors elevated privileges. This can be done to ensure persistent access, even if other initial access methods are detected and remediated. The modification of…\u003c/p\u003e\n","date_modified":"2026-04-27T23:12:30Z","date_published":"2026-04-27T23:12:30Z","id":"/briefs/2026-04-sudoers-persistence/","summary":"Attackers can achieve persistence and privilege escalation on Linux systems by creating or modifying files in the /etc/sudoers.d/ directory to grant unauthorized users or groups sudo privileges.","title":"Linux Persistence via Sudoers.d File Manipulation","url":"https://feed.craftedsignal.io/briefs/2026-04-sudoers-persistence/"}],"language":"en","title":"CraftedSignal Threat Feed — Sudoers","version":"https://jsonfeed.org/version/1.1"}