Classification:
compliance
Framework:
Control:
Attackers pursuing a specific target commonly first gain access to a host or container adjacent to it. To move laterally to the intended target, they look for credentials that would grant access to that host or container. One technique for finding such credentials is memory dumping: by writing the memory of a running process to disk, an attacker can often recover credentials (passwords, session tokens, keys) that the process holds unencrypted while it runs.
This detection monitors reads of process memory and memory maps exposed through the /proc/ directory on Linux, that is, /proc/<pid>/mem and /proc/<pid>/maps.
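The following is an added example, not part of the original rule page, showing the core of such a detection run over constructed file-open events. The event format (pid=, comm=, path= fields) and the tool allowlist are assumptions made for illustration; a real deployment would feed it from auditd or an eBPF file-open probe. The logic flags opens of /proc/<pid>/mem or /proc/<pid>/maps, resolves /proc/self to the opening process, and ignores self-inspection (runtimes and libraries routinely read their own maps), so only cross-process reads, the behaviour that indicates memory dumping, produce alerts.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Constructed sample events (not real logs): one file-open per line, with
# key=value fields loosely modelled on an auditd/eBPF open() event.
SAMPLE_EVENTS = """\
pid=4120 comm=python3 path=/proc/4001/mem flags=O_RDONLY
pid=4120 comm=python3 path=/proc/4001/maps flags=O_RDONLY
pid=5301 comm=node path=/proc/self/maps flags=O_RDONLY
pid=5302 comm=cat path=/proc/5302/maps flags=O_RDONLY
pid=6000 comm=bash path=/etc/passwd flags=O_RDONLY
pid=7007 comm=gcore path=/proc/1337/mem flags=O_RDONLY
"""

# Only the two procfs files the rule is about: raw memory and the memory map.
PROC_MEM_RE = re.compile(r"^/proc/(?P<target>\d+|self)/(?P<file>mem|maps)$")
FIELD_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Event:
    pid: int     # process performing the open
    comm: str    # its command name
    path: str    # file being opened


@dataclass(frozen=True)
class Alert:
    reader_pid: int
    reader_comm: str
    target_pid: int   # process whose memory is being read
    file: str         # "mem" or "maps"
    severity: str     # "high", or "low" for an allowlisted debugger/tool


def parse_event(line: str) -> Optional[Event]:
    """Parse one key=value event line; return None if required fields are missing."""
    fields = dict(FIELD_RE.findall(line))
    try:
        return Event(pid=int(fields["pid"]), comm=fields["comm"], path=fields["path"])
    except (KeyError, ValueError):
        return None


def proc_memory_target(ev: Event) -> Optional[int]:
    """PID whose memory or maps ev.path exposes, or None if the path is unrelated."""
    m = PROC_MEM_RE.match(ev.path)
    if not m:
        return None
    target = m.group("target")
    # /proc/self always refers to the process doing the open.
    return ev.pid if target == "self" else int(target)


def detect(events_text: str, allowlist: FrozenSet[str] = frozenset()) -> List[Alert]:
    """Return an Alert for every cross-process read of /proc/<pid>/mem or /proc/<pid>/maps.

    allowlist: command names (hypothetical tuning, e.g. known debuggers) whose
    hits are kept but downgraded rather than suppressed, so they stay auditable.
    """
    alerts: List[Alert] = []
    for line in events_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        target = proc_memory_target(ev)
        if target is None:
            continue
        # A process reading its own maps/mem is routine (glibc, sanitizers,
        # language runtimes); memory dumping for credential theft reads another
        # process, so only cross-process access is reported.
        if target == ev.pid:
            continue
        severity = "low" if ev.comm in allowlist else "high"
        alerts.append(Alert(ev.pid, ev.comm, target, ev.path.rsplit("/", 1)[1], severity))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS, allowlist=frozenset({"gcore"})):
        print(f"[{a.severity}] {a.reader_comm}({a.reader_pid}) read /proc/{a.target_pid}/{a.file}")
```

Two caveats worth keeping in mind when tuning this. First, the kernel applies the ptrace access check to /proc/<pid>/mem, so a successful cross-process read means the reader already holds ptrace rights over the target (same uid with a permissive Yama ptrace_scope, or CAP_SYS_PTRACE / root); the alert is therefore a post-compromise signal, not the initial breach. Second, debuggers and core-dump tools (gdb, gcore, crash collectors) read these files legitimately, which is why the example downgrades rather than drops allowlisted tools: a dumping tool run under an unexpected parent or against a credential-holding daemon should still be visible to the analyst.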