Skip to content

Hide Navigation Hide TOC

Access of Sudoers File Content (0f79c4d2-4e1f-4683-9c36-b5469a665e06)

Detects the execution of a text-based file access or inspection utilities to read the content of /etc/sudoers in order to potentially list all users that have sudo rights.

Cluster A Galaxy A Cluster B Galaxy B Level
Access of Sudoers File Content (0f79c4d2-4e1f-4683-9c36-b5469a665e06) Sigma-Rules Client Configurations - T1592.004 (774ad5bb-2366-4c13-a8a9-65e50b292e7c) Attack Pattern 1
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern Client Configurations - T1592.004 (774ad5bb-2366-4c13-a8a9-65e50b292e7c) Attack Pattern 2