Techniques
Sample rules
Shell Invocation via Env Command - Linux
- source: sigma
- techniques:
- t1059
Description
Detects the use of the env command to invoke a shell. This may indicate an attempt to bypass restricted environments, escalate privileges, or execute arbitrary commands.
Detection logic
condition: selection
selection:
  CommandLine|endswith:
    - /bin/bash
    - /bin/dash
    - /bin/fish
    - /bin/sh
    - /bin/zsh
  Image|endswith: /env
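To test the rule before deployment, the selection above can be evaluated against sample process-creation events. The following is an added example, not code from the Sigma project or from this page. The function names are hypothetical and the events are constructed. It relies on Sigma's documented defaults: string matching is case-insensitive, list values are OR'd, and fields within one selection are AND'd.

```python
# Added example: evaluates this rule's selection against constructed events.
# Names (endswith_any, matches_rule, triage) are hypothetical, not Sigma APIs.

SHELL_SUFFIXES = ("/bin/bash", "/bin/dash", "/bin/fish", "/bin/sh", "/bin/zsh")
IMAGE_SUFFIX = "/env"


def endswith_any(value, suffixes):
    """Sigma 'endswith': case-insensitive suffix match; list values are OR'd."""
    value = (value or "").lower()
    return any(value.endswith(s.lower()) for s in suffixes)


def matches_rule(event):
    """Fields in one selection are AND'd: CommandLine and Image must both match."""
    return (endswith_any(event.get("CommandLine"), SHELL_SUFFIXES)
            and endswith_any(event.get("Image"), (IMAGE_SUFFIX,)))


# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    # env launching a shell as its final argument: should alert.
    {"Image": "/usr/bin/env", "CommandLine": "env /bin/sh"},
    {"Image": "/usr/bin/env", "CommandLine": "/usr/bin/env -i /bin/bash"},
    # Ordinary env use to start an interpreter: should not alert.
    {"Image": "/usr/bin/env", "CommandLine": "/usr/bin/env python3 /opt/app/run.py"},
    # Shell started by a different binary: Image condition fails.
    {"Image": "/usr/bin/sudo", "CommandLine": "sudo /bin/zsh"},
    # The leading slash in "/env" keeps printenv from matching.
    {"Image": "/usr/bin/printenv", "CommandLine": "printenv /bin/sh"},
]


def triage(events):
    """Return the command lines of events that satisfy the selection."""
    return [e["CommandLine"] for e in events if matches_rule(e)]


if __name__ == "__main__":
    for cmd in triage(SAMPLE_EVENTS):
        print("ALERT:", cmd)
```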