Containers that are running in privileged mode may be vulnerable to a privilege escalation and container escape. This TTP attempts to configure a cgroup controller release_agent to execute an arbitrary script as the root user. It is important that containers are not running in privileged mode, as adversaries may establish persistence by modifying mounted files, elevate privileges, and escape the container.
View Command
To view this TTPs command, you must be logged in with a professional or enterprise license.