T1546.017
Udev Rules
Adversaries may maintain persistence through executing malicious content triggered using udev rules. Udev is the Linux kernel device manager that dynamically manages device nodes, handles access to pseudo-device files in the `/dev` directory, and responds to hardware events, such as when external devices like hard drives or keyboards are plugged in or removed. Udev uses rule files with `match keys` to specify the conditions a hardware event must meet and `action keys` to define the actions that ...
Linux
3 Detections, 1 Source, 0 Threat Actors
BY SOURCE
elastic: 3
PROCEDURES (2)
Process Creation Monitoring: 2 detections
Auto-extracted: 2 detections for process creation monitoring
File Monitoring: 1 detection
Auto-extracted: 1 detection for file monitoring