Skip to content

DET0665 Detection of Exploitation for Privilege Escalation

Item Value
ID DET0665
Version 1.0
Created 21 October 2025
Last Modified 21 October 2025

Technique Detected: T1404 (Exploitation for Privilege Escalation)

Analytics

Android

AN1758

Mobile security products can potentially utilize device APIs to determine if a device has been rooted or jailbroken. Application vetting services could potentially determine if an application contains code designed to exploit vulnerabilities.

Log Sources
Data Component Name Channel
Host Status (DC0018) Sensor Health None
API Calls (DC0112) Application Vetting None
Mutable Elements
Field Description

iOS

AN1759

Mobile security products can potentially utilize device APIs to determine if a device has been rooted or jailbroken. Application vetting services could potentially determine if an application contains code designed to exploit vulnerabilities.

Log Sources
Data Component Name Channel
Host Status (DC0018) Sensor Health None
API Calls (DC0112) Application Vetting None
Mutable Elements
Field Description