Spawn elevated Pneuma via CVE-2021-3490 (eBPF)
Spawn a beacon using the eBPF vulnerability identified in CVE-2021-3490. The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out-of-bounds reads and writes in the Linux kernel and, therefore, arbitrary code execution.