Persistence may be established by modifying a user's shell to execute arbitrary commands. This TTP searches for a mounted root directory and establishes Pneuma persistence via Unix shell configuration modification. It is important that containers cannot mount the host filesystem, as adversaries may establish persistence by modifying mounted files, elevate privileges, and escape the container.
View Command
To view this TTPs command, you must be logged in with a professional or enterprise license.