Commit
This is a proposal for a PrivEsc detection rule
The idea is to detect in the auditd logs the execution of the find command (for example, $find -perm -u=ws ...) looking for binaries or scripts that can be executed with elevated privileges.
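One way to express the check described in the commit message, as an added example and not the rule from this commit: parse auditd `EXECVE` records and flag `find` invocations whose `-perm` argument selects the setuid bit. It goes slightly beyond the `-u=ws` case by also covering setgid and octal modes such as `-4000`. The function names are hypothetical and the sample records are constructed.

```python
import os
import re

# aN="value" for plain arguments, aN=HEX when auditd hex-encodes the value.
ARG_RE = re.compile(r'\ba(\d+)=(?:"([^"]*)"|((?:[0-9A-Fa-f]{2})+))')
SYMBOLIC_S = re.compile(r"[ugoa]*[=+][rwxXt]*s")  # e.g. u=s, u=ws, g+s

def parse_execve(line):
    """Return argv from one EXECVE record, or None for other record types."""
    if not line.startswith("type=EXECVE"):
        return None
    args = {}
    for idx, quoted, hexed in ARG_RE.findall(line):
        value = bytes.fromhex(hexed).decode("utf-8", "replace") if hexed else quoted
        args[int(idx)] = value
    return [args[i] for i in sorted(args)]

def is_suid_hunt(argv):
    """True when argv is a find command whose -perm mode selects setuid/setgid."""
    if not argv or os.path.basename(argv[0]) != "find":
        return False
    for flag, mode in zip(argv, argv[1:]):
        if flag != "-perm":
            continue
        mode = mode.lstrip("-/")  # -MODE = all bits set, /MODE = any bit set
        if re.fullmatch(r"[0-7]+", mode):
            if int(mode, 8) & 0o6000:  # 04000 setuid, 02000 setgid
                return True
        elif SYMBOLIC_S.search(mode):
            return True
    return False

def detect(lines):
    """Return the decoded command line of every matching EXECVE record."""
    hits = []
    for line in lines:
        argv = parse_execve(line)
        if argv and is_suid_hunt(argv):
            hits.append(" ".join(argv))
    return hits

# Constructed sample records (not taken from a real host).
SAMPLE = [
    'type=EXECVE msg=audit(1700000000.101:301): argc=4 a0="find" a1="/" a2="-perm" a3="-u=ws"',
    'type=EXECVE msg=audit(1700000000.202:302): argc=4 a0="/usr/bin/find" a1=2F6F70742F6D7920646972 a2="-perm" a3="-4000"',
    'type=EXECVE msg=audit(1700000000.303:303): argc=4 a0="find" a1="." a2="-perm" a3="644"',
    'type=EXECVE msg=audit(1700000000.404:304): argc=4 a0="find" a1="/var/log" a2="-name" a3="*.log"',
]
```

`detect(SAMPLE)` returns the first two records; EXECVE records are only produced when an audit rule covers `execve`, which this sketch assumes is already in place.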