Browser Started with Remote Debugging - *nix

Anvilogic Forge

Summary
This detection rule identifies web browsers started with remote debugging enabled on UNIX-like systems. Threat actors abuse this feature to drive a victim's browser from outside the process, read cookies, session tokens and page contents from authenticated sessions, and keep a foothold on a compromised host. Launching Chrome, Chromium or Edge with a `--remote-debugging-port`, `--remote-debugging-address` or `--remote-debugging-pipe` parameter, or Firefox with `-start-debugger-server`, exposes a debugging interface through which the browser, including any profile it loads, can be controlled without the user's involvement. The rule monitors process creation events for command lines containing the `--remote-debugging-` or `-start-debugger-` parameters, which indicate the start of a remote debugging session, and extracts the relevant fields from endpoint logs so security teams can investigate and respond. Because the technique maps to Browser Session Hijacking (T1185), detecting these flags can be critical in catching credential theft and data exfiltration early. Developers and browser automation frameworks also start browsers with these flags, so matches should be triaged against the parent process, the launching user and whether an existing user profile was loaded.
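The following is an added example of the rule's logic run over constructed process-creation events; it is not Anvilogic's implementation. It matches the two parameter prefixes from the summary only when the executable is a known browser binary, which avoids firing on unrelated processes that merely carry the string on their command line, and it pulls out the debugging port or pipe, the headless flag and any `--user-data-dir` value for triage. The key=value log format, the field names (`ts`, `host`, `uid`, `pid`, `ppid`, `parent`, `cmd`) and the browser binary list are assumptions.

```python
"""Toy detector: browsers started with remote-debugging flags on *nix.

Added example, not Anvilogic's rule logic. The key=value event format and
field names below are assumptions; the sample events are constructed.
"""
import os
import re
import shlex

# Browser binaries to consider (basename of argv[0]); the list is an assumption.
BROWSER_BINARIES = {
    "chrome", "chromium", "chromium-browser", "google-chrome",
    "google-chrome-stable", "msedge", "microsoft-edge", "firefox", "firefox-bin",
}

# The two parameter prefixes named in the rule. Chromium-family browsers
# (Chrome, Chromium, Edge) take --remote-debugging-port / -pipe / -address;
# Firefox takes -start-debugger-server (a double dash is also accepted on *nix).
DEBUG_FLAG = re.compile(r"^(?:--remote-debugging-|--?start-debugger-)")

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample events, not real telemetry.
SAMPLE_LOG = """\
ts=2025-04-11T10:02:13Z host=ws01 uid=1000 pid=40112 ppid=2314 parent=bash cmd="/opt/google/chrome/chrome --headless=new --remote-debugging-port=9222 --user-data-dir=/home/alice/.config/google-chrome"
ts=2025-04-11T10:02:40Z host=ws01 uid=1000 pid=40120 ppid=2314 parent=bash cmd="/usr/lib/firefox/firefox -start-debugger-server 6000 -P default"
ts=2025-04-11T10:03:01Z host=ws01 uid=1000 pid=40130 ppid=2314 parent=bash cmd="/usr/bin/grep -r -- --remote-debugging-port /etc/chromium"
ts=2025-04-11T10:03:15Z host=ws01 uid=1000 pid=40141 ppid=2314 parent=gnome-shell cmd="/usr/bin/chromium --incognito https://example.com"
ts=2025-04-11T10:04:02Z host=ci01 uid=1001 pid=512 ppid=480 parent=node cmd="/opt/microsoft/msedge/msedge --headless --remote-debugging-pipe"
"""


def parse_event(line):
    """Parse one key=value event line into a dict (surrounding quotes stripped)."""
    return {k: v[1:-1] if v.startswith('"') else v for k, v in FIELD_RE.findall(line)}


def debug_flags(cmd):
    """Return (flag, value) pairs for remote-debugging parameters in a browser
    command line; empty for non-browsers or unparseable command lines."""
    try:
        argv = shlex.split(cmd)
    except ValueError:
        return []
    if not argv or os.path.basename(argv[0]) not in BROWSER_BINARIES:
        return []
    found = []
    for i, arg in enumerate(argv[1:], start=1):
        if not DEBUG_FLAG.match(arg):
            continue
        if "=" in arg:                                  # --remote-debugging-port=9222
            flag, value = arg.split("=", 1)
        elif i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            flag, value = arg, argv[i + 1]              # -start-debugger-server 6000
        else:
            flag, value = arg, None                     # --remote-debugging-pipe
        found.append((flag, value))
    return found


def detect(log_text):
    """Run the rule over a log and return one alert dict per matching process."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        flags = debug_flags(ev.get("cmd", ""))
        if not flags:
            continue
        argv = shlex.split(ev["cmd"])
        alerts.append({
            "ts": ev.get("ts"), "host": ev.get("host"), "pid": ev.get("pid"),
            "process": os.path.basename(argv[0]),
            "parent": ev.get("parent"),
            "flags": flags,
            # Triage context, not a verdict: headless plus a test-harness parent is
            # typical of legitimate automation; an interactive shell parent and a
            # real user profile on the command line are the interesting cases.
            "headless": any(a.startswith("--headless") for a in argv),
            "user_data_dir": next((a.split("=", 1)[1] for a in argv
                                   if a.startswith("--user-data-dir=")), None),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the constructed log, the Chrome, Firefox and Edge launches alert while the `grep` process, which carries the literal `--remote-debugging-port` on its command line, does not; the Chrome alert also surfaces the user's real profile directory, which is the signal that separates session hijacking from a throwaway automation profile.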
Categories
  • Endpoint
  • Linux
Data Sources
  • Process
  • Application Log
ATT&CK Techniques
  • T1185
Created: 2025-04-11