Florian Roth
21 lines
566 B
YAML
21 lines
566 B
YAML
title: Sudo Enumeration Commands
|
|
id: c21c4eaa-ba2e-419a-92b2-8371703cbe21
|
|
description: Detects an attempt to gather information about high-privileged users
|
|
references:
|
|
- https://github.com/redcanaryco/atomic-red-team/blob/1ea8c4616ce373f6aea37a5f56a34157684d9e82/atomics/T1169/T1169.md
|
|
author: Ömer Günal
|
|
date: 2020/06/16
|
|
tags:
|
|
- attack.privilege_escalation
|
|
- attack.t1169
|
|
level: low
|
|
logsource:
|
|
product: linux
|
|
detection:
|
|
keywords:
|
|
- 'cat /etc/sudoers'
|
|
- 'vim /etc/sudoers'
|
|
condition: keywords
|
|
falsepositives:
|
|
- Unknown
|