Persistence Via Sudoers Files (ddb26b76-4447-4807-871f-1b035b2bfa5d)

Detects creation of a sudoers file, or of files in the "sudoers.d" directory, which can be used as a potential method to persist privileges for a specific user.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Persistence Via Sudoers Files (ddb26b76-4447-4807-871f-1b035b2bfa5d) | Sigma-Rules | Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) | Attack Pattern | 1 |
| Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) | Attack Pattern | Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) | Attack Pattern | 2 |