Clankerusecase
MITRE ATT&CK detection coverage

T1548.003 Sudo and Sudo Caching

T1548.003 — Sudo and Sudo Caching is a MITRE ATT&CK technique in the Privilege Escalation tactic. Clankerusecase tracks 41 detection use cases covering it and 4 threat-intel articles citing it.

Privilege Escalation
41 Use cases
4 Articles
0 Sub-techniques
1 Tactic

Use cases covering this technique (41)

Linux APT Privilege Escalation ESCU actions · hunting P
Linux Auditd Doas Conf File Creation ESCU actions · alerting P
Linux Auditd Doas Tool Execution ESCU actions · hunting P
Linux Auditd Nopasswd Entry In Sudoers File ESCU actions · hunting P
Linux Auditd Possible Access To Sudoers File ESCU actions · hunting P
Linux Auditd Sudo Or Su Execution ESCU actions · hunting P
Linux AWK Privilege Escalation ESCU actions · hunting P
Linux Busybox Privilege Escalation ESCU actions · hunting P
Linux c89 Privilege Escalation ESCU actions · hunting P
Linux c99 Privilege Escalation ESCU actions · hunting P
Linux Composer Privilege Escalation ESCU actions · hunting P
Linux Cpulimit Privilege Escalation ESCU actions · hunting P
Linux Csvtool Privilege Escalation ESCU actions · hunting P
Linux Doas Conf File Creation ESCU actions · hunting P
Linux Doas Tool Execution ESCU actions · hunting P
Linux Emacs Privilege Escalation ESCU actions · hunting P
Linux Find Privilege Escalation ESCU actions · hunting P
Linux GDB Privilege Escalation ESCU actions · hunting P
Linux Gem Privilege Escalation ESCU actions · hunting P
Linux GNU Awk Privilege Escalation ESCU actions · hunting P
Linux Make Privilege Escalation ESCU actions · hunting P
Linux MySQL Privilege Escalation ESCU actions · hunting P
Linux Node Privilege Escalation ESCU actions · hunting P
Linux NOPASSWD Entry In Sudoers File ESCU actions · hunting P
Linux Octave Privilege Escalation ESCU actions · hunting P
Linux OpenVPN Privilege Escalation ESCU actions · hunting P
Linux PHP Privilege Escalation ESCU actions · hunting P
Linux Possible Access To Sudoers File ESCU actions · hunting P
Linux Puppet Privilege Escalation ESCU actions · hunting P
Linux RPM Privilege Escalation ESCU actions · hunting P
Linux Ruby Privilege Escalation ESCU actions · hunting P
Linux Sqlite3 Privilege Escalation ESCU actions · hunting P
Linux Sudo OR Su Execution ESCU actions · hunting P
Linux Sudoers Tmp File Creation ESCU actions · hunting P
Linux Visudo Utility Execution ESCU actions · hunting P
Linux apt-get Privilege Escalation ESCU actions · hunting P
Linux Docker Privilege Escalation ESCU actions · hunting P
[LLM] Passwordless sudo rule dropped into /etc/sudoers.d (Miasma privilege escalation) Bespoke exploit · alerting DSΣPDDCS
[LLM] Container privilege escalation via Looney Tunables, PwnKit, sudo chroot Bespoke exploit · alerting DSΣPDDCS
[LLM] bun runtime executed on CI runner spawning python3 with sudo escalation Bespoke install · alerting DSΣPDDCS
[LLM] UAT-8616 post-compromise on SD-WAN: SSH key add, NETCONF edit, su root, XMRig miner.sh Bespoke actions · alerting DSPDDCS

Articles citing this technique (4)