Unix7 abuse funcs
zshzsh
Platform
Unix
Abuse functions
7
Description
zsh is a Unix living-off-the-land binary catalogued by the GTFOBins. Documented abuse functions: download, file-read, file-write, inherit, reverse-shell, shell, upload. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1005, T1059, T1071, T1105, T1565, T1567. Defenders should monitor execution of zsh under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.
Abuse functions· 7
download
sudosuidunprivileged
file-read
sudosuidunprivileged
file-write
sudosuidunprivileged
inherit
sudosuidunprivileged
reverse-shell
sudosuidunprivileged
shell
sudosuidunprivileged
upload
sudosuidunprivileged
Abuses6
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Data Manipulationt1565 | 100% | live |
| Technique | Application Layer Protocolt1071 | 100% | live |
| Technique | Exfiltration Over Web Servicet1567 | 100% | live |
| Technique | Data from Local Systemt1005 | 95% | live |
| Technique | Command and Scripting Interpretert1059 | 90% | live |
| Technique | Ingress Tool Transfert1105 | 85% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.