Clankerusecase
MITRE ATT&CK detection coverage

T1547.006 Kernel Modules and Extensions

T1547.006 — Kernel Modules and Extensions is a MITRE ATT&CK technique in the Persistence tactic. Clankerusecase tracks 10 detection use cases covering it.

Persistence, Privilege Escalation
10 Use cases
0 Articles
0 Sub-techniques
2 Tactics

Use cases covering this technique (10)

[WEEKLY] Linux LPE chain — anomalous algif_aead/esp4/esp6/rxrpc kernel-module load followed by same-user root transition | Internal exploit · alerting | DSPDD
Linux Auditd Insert Kernel Module Using Insmod Utility | ESCU actions · hunting | P
Linux Auditd Install Kernel Module Using Modprobe Utility | ESCU actions · hunting | P
Linux Auditd Kernel Module Using Rmmod Utility | ESCU actions · alerting | P
Linux Auditd Unload Module Via Modprobe | ESCU actions · alerting | P
Linux File Created In Kernel Driver Directory | ESCU actions · hunting | P
Linux Insert Kernel Module Using Insmod Utility | ESCU actions · hunting | P
Linux Install Kernel Module Using Modprobe Utility | ESCU actions · hunting | P
Windows Snake Malware Kernel Driver Comadmin | ESCU actions · alerting | P
Windows Snake Malware Service Create | ESCU actions · alerting | P