Capabilities Discovery - Linux (d8d97d51-122d-4cdd-9e2f-01b4b4933530)
Detects usage of the "getcap" binary. This is often used during recon activity to identify binaries that could potentially be abused as GTFOBins or otherwise.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Capabilities Discovery - Linux (d8d97d51-122d-4cdd-9e2f-01b4b4933530) | Sigma-Rules | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1 |