Home/ MITRE Matrix/ Privilege Escalation/ T1546.004

T1546.004Unix Shell Configuration Modification

T1546.004 — Unix Shell Configuration Modification is a MITRE ATT&CK technique in the Privilege Escalation tactic. Clankerusecase tracks 5 detection use cases covering it and 2 threat-intel articles citing it.

Privilege EscalationPersistence

View on the matrix → Filter Detection Library MITRE official spec ↗

5Use cases

2Articles

0Sub-techniques

2Tactics

↑ Parent technique: T1546 · Event Triggered Execution

Use cases covering this technique (5)

Linux Auditd Unix Shell Configuration Modification ESCU actions · alerting P Linux File Creation In Profile Directory ESCU actions · hunting P Linux Possible Append Command To Profile Config File ESCU actions · hunting P [LLM] Persistence written to user shell init or systemd user units from AUR build/install scriptlet Bespoke install · hunting DSΣPDDCS [LLM] s1ngularity nx: node modifies ~/.bashrc or ~/.zshrc to inject `sudo shutdown -h 0` Bespoke install · alerting DSΣPDD

Articles citing this technique (2)

crit 400+ AUR Packages Hijacked: What the “Atomic Arch” Campaign Means for Supply-Chain Security art-14

crit s1ngularity: Popular Nx Build System Package Compromised with Data-Stealing Malware art-778