T1055.008

Ptrace System Calls

Adversaries may inject malicious code into processes via ptrace (process trace) system calls in order to evade process-based defenses as well as possibly elevate privileges. Ptrace system call injection is a method of executing arbitrary code in the address space of a separate live process. Ptrace system call injection involves attaching to and modifying a running process. The ptrace system call enables a debugging process to observe and control another process (and each individual thread), in...

Linux

4 Detections, 1 Source, 0 Threat Actors

BY SOURCE

elastic (4)

PROCEDURES (3)

Privilege (2 detections)

Auto-extracted: 2 detections for privilege

Inject (1 detection)

Auto-extracted: 1 detection for inject

Privilege (1 detection)

Auto-extracted: 1 detection for privilege

DETECTIONS (4)