Tag
medium
advisory
Potential Privilege Escalation via SUID/SGID on Linux
2 rules 2 TTPsAttackers may leverage misconfigured SUID/SGID permissions on Linux systems to escalate privileges to root or establish persistence by executing processes with root privileges initiated by non-root users.
Elastic Defend
privilege-escalation
persistence
defense-evasion
suid
sgid
2r
2t
medium
advisory
Potential Privilege Escalation via SUID/SGID Abuse on Linux
2 rules 3 TTPsThis rule detects potential privilege escalation attempts on Linux systems by identifying processes running with root privileges but initiated by non-root users, indicative of SUID/SGID abuse.
Elastic Defend
privilege-escalation
persistence
suid
sgid
2r
3t
high
advisory
Suspicious SUID Binary Execution on Linux
3 rules 2 TTPsThis rule detects the execution of privilege escalation helpers under the root effective user, when initiated by a non-root user with a suspicious parent process, indicating potential privilege escalation attempts.
privilege-escalation
suid
linux
3r
2t