
[Meta] Linux Privilege Escalation Research & Detection Engineering #2955


Closed
Aegrah opened this issue Jul 24, 2023 · 1 comment

Comments

@Aegrah
Contributor

Aegrah commented Jul 24, 2023

Summary

Analyze commonly exploited Linux privilege escalation vectors, research the methodology required to exploit those vectors and analyze whether we can detect these vectors, and if not, create detection rules to cover our detection gaps.

### Tasks
- [x] Identify a set of Linux privilege escalation vectors that we currently have no coverage for (week 1-2)
- [x] Exploit and research these privilege escalation vectors (week 1-2)
- [x] Write DRs for these coverage gaps (week 1-2)
- [x] Get PRs merged

Goals

  • Identify a set of Linux privilege escalation vectors that we currently do not detect.
  • Identify whether we can create detection rules for these vectors, and if so, create these DRs.
  • DRs with little to no FPs will be (or will be in the future) converted to ERs.

Resources:

https://www.rgrosec.com/post/2022-02-17-linux-privilege-escalation.html
https://book.hacktricks.xyz/linux-hardening/privilege-escalation
https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS
https://github.com/rebootuser/LinEnum

PRs

@brokensound77
Contributor

Just did a review of all pending rules 👍, great job
