[Meta] Linux Privilege Escalation Research & Detection Engineering

Summary

Analyze commonly exploited linux privilege escalation vectors, research the methodology required to exploit those vectors and analyze whether we can detect these vectors, and if not, create detection rules to cover our detection gaps.

### Tasks
- [x] Identify a set of linux privilege escalation vectors that we currently have no coverage for (week 1-2)
- [x] Exploit and research these privilege escalation vectors (week 1-2)
- [x] Write DRs for these coverage gaps (week 1-2)
- [x] Get PRs merged

Goals

Identify a set of linux privilege escalation vectors that we currently do not detect.
Identify whether we can create detection rules for these vectors, and if so, create these DRs.
DRs with little to no FPs will be (or will be in the future) converted to ERs.

Resources:

https://www.rgrosec.com/post/2022-02-17-linux-privilege-escalation.html https://book.hacktricks.xyz/linux-hardening/privilege-escalation https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS https://github.com/rebootuser/LinEnum

elastic / detection-rules

[Meta] Linux Privilege Escalation Research & Detection Engineering #2955

Summary

Goals

Resources:

PRs