Analyze commonly exploited Linux privilege escalation vectors, research the methodology required to exploit them, determine whether we can currently detect them, and, where we cannot, create detection rules to cover those gaps.
### Tasks
- [x] Identify a set of Linux privilege escalation vectors that we currently have no coverage for (week 1-2)
- [x] Exploit and research these privilege escalation vectors (week 1-2)
- [x] Write DRs for these coverage gaps (week 1-2)
- [x] Get PRs merged
### Goals
- Identify a set of Linux privilege escalation vectors that we currently do not detect.
- Determine whether we can create detection rules for these vectors and, if so, write those DRs.
- DRs with few or no FPs will be converted to ERs, now or in the future.
### Resources
- https://www.rgrosec.com/post/2022-02-17-linux-privilege-escalation.html
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation
- https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS
- https://github.com/rebootuser/LinEnum
### PRs