diff --git a/docs/attack-emulation/README.md b/docs/attack-emulation/README.md index e5083744..d322b6aa 100644 --- a/docs/attack-emulation/README.md +++ b/docs/attack-emulation/README.md @@ -37,10 +37,16 @@ Before installing Caldera, ensure you have the following prerequisites: ```bash sudo apt-get install python3-pip ``` +6 **npm and node**: Install Node and Node Package Manager + +```bash +curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.5/install.sh | bash +nvm install node +``` ## Installation Steps -Follow these steps to install and set up Caldera: +Follow these steps to install and set up Caldera, you can skip step:4 and step:5 : 1. **Clone the Caldera Repository**: ```bash diff --git a/docs/attack-emulation/escape-to-host/README.md b/docs/attack-emulation/escape-to-host/README.md index 8bca6514..b093e2bd 100644 --- a/docs/attack-emulation/escape-to-host/README.md +++ b/docs/attack-emulation/escape-to-host/README.md @@ -9,7 +9,7 @@ Commands ```bash -kubectl create -f https://raw.githubusercontent.com/5GSEC/nimbus/main/docs/attack-emulation/escape-to-host/pod.yaml +kubectl create -f https://raw.githubusercontent.com/5GSEC/nimbus/main/docs/attack-emulation/pod.yaml ``` ```bash diff --git a/docs/attack-emulation/exploit-pfa/README.md b/docs/attack-emulation/exploit-pfa/README.md new file mode 100644 index 00000000..e4e2d36f --- /dev/null +++ b/docs/attack-emulation/exploit-pfa/README.md 
@@ -0,0 +1,87 @@ + +## Defining Abilities + +Since exploit-pfa doesn't pre-exist in caldera abilities so we need to define the abilities by ourselves. + +### Create abilities + +Commands + + +```bash +kubectl create -f https://raw.githubusercontent.com/5GSEC/nimbus/main/docs/attack-emulation/pod.yaml +``` + +```bash +kubectl get pods nginx +``` + +```bash +kubectl exec -it nginx -- /bin/bash -c "apt-get update && apt-get install -y git" +``` + +```bash +kubectl exec -it nginx -- /bin/bash -c "cp /usr/bin/git /tmp/" +``` + +```bash +kubectl exec -it nginx -- /bin/bash -c "/tmp/git clone https://github.com/thockin/test.git" +``` + +```bash +kubectl delete pod nginx +``` + +### Create test pod + +![alt text](images/create-test-pod.png) + +### Get the pod + +![alt text](images/get-pod.png) + +### Install git + +![alt text](images/install-git.png) + +### Move git binary + +![alt text](images/move-git.png) + +## Clone a github repo + +![alt text](images/clone-repo.png) + +## Delete the test pod + +![alt text](images/delete-test-pod.png) + +## Create Adversary + +- `+` New Profile +- `+` Add Ability + +![alt text](images/create-adversary.png) + +## Create Operation + +- `+` New Operation +- set Adversary + +![alt text](images/operation.png) + + +## Attack Emulation + +After creating the operation click on start to start the attack, optionally you can also check locally in your terminal that whether the caldera agent is working as expected or not. + +![alt text](images/emulation.png) + + + +## Mitigation + +For the mitigation of `Exploit-PFA` we need nimbus-kuberamor adapter to be in-place: +- First we need to install nimbus, you can do so by following the steps over [here](../../docs/getting-started.md#nimbus). +- Now you can follow the guide [here](../../docs/getting-started.md#nimbus-kubearmor) to install nimbus-kubearmor adapter. +- Now apply the escape-host-intent in your cluster as defined [here](../../examples/namespaced/exploit-pfa-si \ No newline at end of file 
diff --git a/docs/attack-emulation/exploit-pfa/images/clone-repo.png b/docs/attack-emulation/exploit-pfa/images/clone-repo.png new file mode 100644 index 00000000..118bf631 Binary files /dev/null and b/docs/attack-emulation/exploit-pfa/images/clone-repo.png differ diff --git a/docs/attack-emulation/exploit-pfa/images/create-adversary.png b/docs/attack-emulation/exploit-pfa/images/create-adversary.png new file mode 100644 index 00000000..7d646269 Binary files /dev/null and b/docs/attack-emulation/exploit-pfa/images/create-adversary.png differ diff --git a/docs/attack-emulation/exploit-pfa/images/create-test-pod.png b/docs/attack-emulation/exploit-pfa/images/create-test-pod.png new file mode 100644 index 00000000..ae953988 Binary files /dev/null and b/docs/attack-emulation/exploit-pfa/images/create-test-pod.png differ diff --git a/docs/attack-emulation/exploit-pfa/images/delete-test-pod.png b/docs/attack-emulation/exploit-pfa/images/delete-test-pod.png new file mode 100644 index 00000000..0755151b Binary files /dev/null and b/docs/attack-emulation/exploit-pfa/images/delete-test-pod.png differ diff --git a/docs/attack-emulation/exploit-pfa/images/emulation.png b/docs/attack-emulation/exploit-pfa/images/emulation.png new file mode 100644 index 00000000..38d31544 Binary files /dev/null and b/docs/attack-emulation/exploit-pfa/images/emulation.png differ diff --git a/docs/attack-emulation/exploit-pfa/images/get-pod.png b/docs/attack-emulation/exploit-pfa/images/get-pod.png new file mode 100644 index 00000000..3a739097 Binary files /dev/null and b/docs/attack-emulation/exploit-pfa/images/get-pod.png differ diff --git a/docs/attack-emulation/exploit-pfa/images/install-git.png b/docs/attack-emulation/exploit-pfa/images/install-git.png new file mode 100644 index 00000000..e8ce17ac Binary files /dev/null and b/docs/attack-emulation/exploit-pfa/images/install-git.png differ 
diff --git a/docs/attack-emulation/exploit-pfa/images/move-git.png b/docs/attack-emulation/exploit-pfa/images/move-git.png new file mode 100644 index 00000000..4309a9a7 Binary files /dev/null and b/docs/attack-emulation/exploit-pfa/images/move-git.png differ diff --git a/docs/attack-emulation/exploit-pfa/images/operation.png b/docs/attack-emulation/exploit-pfa/images/operation.png new file mode 100644 index 00000000..c4fd9949 Binary files /dev/null and b/docs/attack-emulation/exploit-pfa/images/operation.png differ diff --git a/docs/attack-emulation/escape-to-host/pod.yaml b/docs/attack-emulation/pod.yaml similarity index 91% rename from docs/attack-emulation/escape-to-host/pod.yaml rename to docs/attack-emulation/pod.yaml index bdca2eba..f4496133 100644 --- a/docs/attack-emulation/escape-to-host/pod.yaml +++ b/docs/attack-emulation/pod.yaml @@ -2,6 +2,8 @@ apiVersion: v1 kind: Pod metadata: name: nginx + labels: + app: nginx spec: containers: - image: nginx diff --git a/examples/namespaced/exploit-pfa-si-sib.yaml b/examples/namespaced/exploit-pfa-si-sib.yaml new file mode 100644 index 00000000..0cd5e7f6 --- /dev/null +++ b/examples/namespaced/exploit-pfa-si-sib.yaml @@ -0,0 +1,27 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright 2023 Authors of Nimbus + +apiVersion: intent.security.nimbus.com/v1 +kind: SecurityIntent +metadata: + name: exploit-pfa +spec: + intent: + id: PreventExecutionFromTempOrLogsFolders + description: "Mitigate the execution of harmful binaries which may result in exploiting public facing application" + action: Block +--- +apiVersion: intent.security.nimbus.com/v1 +kind: SecurityIntentBinding +metadata: + name: exploit-pfa-binding +spec: + intents: + - name: exploit-pfa + selector: + any: + - resources: + kind: Pod + namespace: default + matchLabels: + app: nginx diff --git a/pkg/adapter/idpool/idpool.go b/pkg/adapter/idpool/idpool.go index 9f49805c..403e968f 100644 --- a/pkg/adapter/idpool/idpool.go +++ b/pkg/adapter/idpool/idpool.go 
@@ -19,11 +19,12 @@ const ( EscapeToHost = "escapeToHost" DisallowChRoot = "disallowChRoot" DisallowCapabilities = "disallowCapabilities" + ExploitPFA = "PreventExecutionFromTempOrLogsFolders" ) // KaIds are IDs supported by KubeArmor. var KaIds = []string{ - SwDeploymentTools, UnAuthorizedSaTokenAccess, DNSManipulation, EscapeToHost, + SwDeploymentTools, UnAuthorizedSaTokenAccess, DNSManipulation, EscapeToHost, ExploitPFA, } // list of policies which satisfies the given ID by Kubearmor diff --git a/pkg/adapter/nimbus-kubearmor/processor/kspbuilder.go b/pkg/adapter/nimbus-kubearmor/processor/kspbuilder.go index 1732ed17..8aba7689 100644 --- a/pkg/adapter/nimbus-kubearmor/processor/kspbuilder.go +++ b/pkg/adapter/nimbus-kubearmor/processor/kspbuilder.go @@ -64,6 +64,8 @@ func buildKspFor(id string) kubearmorv1.KubeArmorPolicy { return disallowChRoot() case idpool.DisallowCapabilities: return disallowCapabilities() + case idpool.ExploitPFA: + return disallowBinaries() default: return kubearmorv1.KubeArmorPolicy{} } 
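Review bot: The new ID value `"PreventExecutionFromTempOrLogsFolders"` breaks the convention the rest of this block follows, where every value is lowerCamelCase and mirrors its constant name (`EscapeToHost = "escapeToHost"`, `DisallowChRoot = "disallowChRoot"`), and the constant name `ExploitPFA` shares no words with its value, so a reader cannot map one to the other. Users write this string into `SecurityIntent.spec.intent.id`, so whichever form ships here becomes the public contract; either rename the constant to match, e.g. `PreventExecutionFromTempOrLogsFolders = "preventExecutionFromTempOrLogsFolders"`, or keep `ExploitPFA` and add a comment above it explaining why its wire value departs from the pattern. The example YAML and the `buildKspFor` switch in this same commit both key on this string, so a rename has to land in all three places. The `const (` block begins before this hunk.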
@@ -265,6 +267,47 @@ func disallowChRoot() kubearmorv1.KubeArmorPolicy { } +func disallowBinaries() kubearmorv1.KubeArmorPolicy { // ref: https://www.tenable.com/audits/items/search?q=noexec&sort=&page=1 + return kubearmorv1.KubeArmorPolicy{ + Spec: kubearmorv1.KubeArmorPolicySpec{ + File: kubearmorv1.FileType{ + MatchDirectories: []kubearmorv1.FileDirectoryType{ + { + Directory: "/var/tmp/", + Recursive: true, + }, + { + Directory: "/tmp/", + Recursive: true, + }, + { + Directory: "/var/log/", + Recursive: true, + }, + { + Directory: "/app/logs/", + Recursive: true, + }, + { + Directory: "/logs/", + Recursive: true, + }, + { + Directory: "/etc/", + Recursive: true, + }, + { + Directory: "/usr/lib/", + Recursive: true, + }, + }, + Action: kubearmorv1.ActionType("Block"), + }, + }, + } +} + + func addManagedByAnnotation(ksp *kubearmorv1.KubeArmorPolicy) { ksp.Annotations = make(map[string]string) ksp.Annotations["app.kubernetes.io/managed-by"] = "nimbus-kubearmor"
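Review bot: `disallowBinaries` expresses the intent `PreventExecutionFromTempOrLogsFolders` as a `File` rule, which in KubeArmor governs open/read/write of the matched paths rather than execution (execution is the `Process` section), so as written the policy appears not to deny running `/tmp/git` while it does deny ordinary file access there. Blocking `/etc/` and `/usr/lib/` recursively would also deny the workload `/etc/resolv.conf`, `/etc/passwd` and its shared libraries, and blocking `/var/log/` denies nginx its own log files, so a bound pod is likely broken rather than hardened; neither directory is a temp or log folder, and the cited `noexec` reference is about a mount option that affects execution, not reads. I would switch to a `Process` match limited to the temp/log directories, move the `// ref:` comment off the signature line, and give the function a doc comment stating what it denies and what stays allowed, as below (KubeArmor type names to be confirmed against the vendored `kubearmorv1` package).
```go
// disallowBinaries builds the KSP for the PreventExecutionFromTempOrLogsFolders
// intent: deny *execution* of anything under the temp and log directories.
// Reads and writes there stay allowed so the workload keeps working
// (nginx still writes /var/log/nginx, apps still use /tmp as scratch).
// ref: https://www.tenable.com/audits/items/search?q=noexec&sort=&page=1
func disallowBinaries() kubearmorv1.KubeArmorPolicy {
	return kubearmorv1.KubeArmorPolicy{
		Spec: kubearmorv1.KubeArmorPolicySpec{
			Process: kubearmorv1.ProcessType{
				MatchDirectories: []kubearmorv1.ProcessDirectoryType{
					{Directory: "/tmp/", Recursive: true},
					{Directory: "/var/tmp/", Recursive: true},
					{Directory: "/var/log/", Recursive: true},
					{Directory: "/app/logs/", Recursive: true},
					{Directory: "/logs/", Recursive: true},
				},
				Action: kubearmorv1.ActionType("Block"),
			},
		},
	}
}
```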