Persistence via mounted Unix shell configuration modification

Persistence may be established by modifying a user's shell configuration so that the shell executes arbitrary commands. This TTP searches for a mounted root directory and establishes Pneuma persistence via Unix shell configuration modification. It is important that containers cannot mount the host filesystem, because adversaries may modify the mounted files to establish persistence, elevate privileges, and escape the container.
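
A defender-side check for the exposure described above, as an added example that is not part of the original page or of Operator: it reads `docker inspect` JSON and reports writable bind mounts of the host root or of directories that hold shell startup files. The sample input, the container names and the SENSITIVE_PREFIXES list are constructed assumptions.

```python
import json

# Assumed list of host directories that hold shell startup files
# (~/.bashrc, ~/.profile, /etc/profile.d/*); extend for your environment.
SENSITIVE_PREFIXES = ("/etc", "/root", "/home")

def risky_mounts(inspect_json):
    """Parse `docker inspect` JSON text and return a list of
    (container, host_source, destination, reason) for writable bind mounts
    that expose the host root or a directory holding shell configuration."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        for m in container.get("Mounts", []):
            # Only writable bind mounts let the container alter host files.
            if m.get("Type") != "bind" or not m.get("RW", False) or not m.get("Source"):
                continue
            src = m["Source"].rstrip("/") or "/"
            if src == "/":
                reason = "host root filesystem mounted read-write"
            elif any(src == p or src.startswith(p + "/") for p in SENSITIVE_PREFIXES):
                reason = "host shell-configuration directory mounted read-write"
            else:
                continue
            findings.append((name, src, m.get("Destination", ""), reason))
    return findings

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE = json.dumps([
    {"Name": "/web", "Mounts": [
        {"Type": "volume", "Source": "/var/lib/docker/volumes/web/_data",
         "Destination": "/srv", "RW": True}]},
    {"Name": "/debug", "Mounts": [
        {"Type": "bind", "Source": "/", "Destination": "/host", "RW": True}]},
    {"Name": "/backup", "Mounts": [
        {"Type": "bind", "Source": "/home", "Destination": "/data", "RW": False}]},
    {"Name": "/dev", "Mounts": [
        {"Type": "bind", "Source": "/home/alice/", "Destination": "/work", "RW": True}]},
])

if __name__ == "__main__":
    for name, src, dst, reason in risky_mounts(SAMPLE):
        print(f"{name}: {src} -> {dst}: {reason}")
```

Read-only mounts are skipped because they cannot be used to rewrite host shell configuration, although they still expose host data to the container.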

Test this TTP

Test this TTP using one of our Operator chains
Is my Docker container vulnerable to host filesystem mounting?


Escape Docker container by mounting host filesystem.