Attempted Administrator Privilege Gain
Much like the Attempted User Privilege Gain category of rule, the Attempted Administrator Privilege Gain classification detects privilege escalation attempts that would result in superuser-, root-, or administrator-level access to a host. Attempted Administrator Privilege Gain alerts are not proof positive that an attacker has administrator-level access; rather they signal that privilege escalation may have occurred.
Attempted Administrator Privilege Gain rules detect attempts to access superuser-level resources as well as exploits that attempt to compromise a host and deliver root-level access to the attacker. An attempted access to the ADMIN$ share on Windows system is a good example of an attempt to access ...
Get Intrusion Detection with Snort now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
