
Summary
This detection rule monitors for potentially unauthorized use of GDB (the GNU Debugger) on Linux systems. Specifically, it identifies GDB being executed with arguments that attach it to a running process, which attackers may use to extract sensitive information, such as credentials, from the memory of privileged processes. Memory-dumping tools such as "truffleproc" and "bash-memory-dump" exhibit the same behavior. The rule strengthens endpoint security because memory dumping typically indicates suspicious activity that warrants further investigation. An alert fires when a process start shows GDB launched with the `--pid` or `-p` argument, indicating an attempt to target another process. The aim is to catch potential intrusions early so that their legitimacy can be investigated carefully.
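The condition described above, replayed over constructed process-start events as an added example (this is not the rule's own query, and the event shape, field names and sample command lines are assumptions):

```python
from dataclasses import dataclass
import shlex


@dataclass
class ProcessStart:
    name: str          # executable basename as the endpoint agent reports it (assumed field)
    command_line: str  # full command line of the started process (assumed field)
    user: str          # account that started it (assumed field)


# The two GDB attach options the rule looks for: -p PID and --pid PID (also --pid=PID).
ATTACH_FLAGS = {"-p", "--pid"}


def is_gdb_attach(ev: ProcessStart) -> bool:
    """True when gdb is started with -p or --pid, i.e. the rule's trigger condition."""
    if ev.name != "gdb":
        return False
    try:
        argv = shlex.split(ev.command_line)
    except ValueError:  # unbalanced quotes: cannot parse, so do not alert
        return False
    # Compare only the option name, so "--pid=4242" matches as well as "--pid 4242".
    return any(arg.split("=", 1)[0] in ATTACH_FLAGS for arg in argv[1:])


def alerts_for(events):
    """Return (user, command_line) for every event the rule would fire on."""
    return [(ev.user, ev.command_line) for ev in events if is_gdb_attach(ev)]


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    ProcessStart("gdb", "gdb ./a.out", "dev"),                          # ordinary debugging session
    ProcessStart("gdb", "gdb -p 4242", "root"),                         # attach via short flag
    ProcessStart("gdb", "gdb --pid=1337 --batch", "www-data"),          # attach via long flag
    ProcessStart("gdbserver", "gdbserver :2345 --attach 4242", "dev"),  # different binary, out of scope
    # Caveat: gdb can also attach with a positional PID ("gdb PROGRAM PID"); the
    # flag-based condition described on this page does not cover that form.
    ProcessStart("gdb", "gdb ./server 901", "dev"),
]

if __name__ == "__main__":
    for user, cmd in alerts_for(SAMPLE_EVENTS):
        print(f"ALERT gdb attach  user={user}  cmd={cmd}")
```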
Categories
- Endpoint
- Linux
Data Sources
- Process
- File
- Container
- Script
ATT&CK Techniques
- T1003
- T1003.007
Created: 2023-08-30