On-Demand: Linux Privilege Escalation Bootcamp

Familiarize yourself with beginner-to-advanced privilege escalation techniques on Linux.

Recordings of this bootcamp are now available as part of our annual subscription. Subscribe to enjoy:
  • Access to all on-demand bootcamps and relevant labs, including this one
  • 2000+ hands-on labs covering another 130+ subtopics
Write your awesome label here.

What You'll Learn

The focus of this bootcamp is to familiarize you with beginner-to-advanced privilege escalation techniques on Linux. You will learn how to identify and leverage misconfigurations to perform horizontal/vertical escalation.

The bootcamp will cover techniques starting from traditional privilege escalation methodologies to advanced concepts such as Linux capabilities.
  • 11+ Hours of Live Session Recordings

  • Over 35 Lab Exercises

Subscribe to access bootcamp recordings and more!

  • Bootcamp recordings for select topics, accessible anytime

Follow along with instructors as they walk you through both theory and practice! With bootcamp recordings at your fingertips, master in-demand topics at your own pace, without time zone concerns. Take your time to go through our massive content library – you'll need it!
  • Access 135+ topics

Expand your horizons beyond bootcamps with 2000+ hands-on labs and 1500+ video courses! Our annual subscription grants you access to a massive content library – perfect for self-paced learning on an ongoing basis. View our entire list of topics here.
  • Browser-based platform; no VPN needed 

Learning with us is simple. Our labs are completely browser-based and include access to a Terminal/GUI-based Kali, Ubuntu or other operating systems, with the necessary tools and scripts pre-installed. All you need is an internet connection to get started!
  • Real-world scenarios

Our lab scenarios are based on real-world circumstances as much as possible. With realistic scenarios, students are prepared for actual pentesting and Red Team engagements.
  • Earn verifiable badges

Complete challenges to earn badges. Verified by Accredible, badges declare your skill in specific topics and are easily shared on social media to help your profile stand out!

Accessible via our AttackDefense lab platform

Upon logging in to the AttackDefense lab platform, annual subscribers will be able to access recordings of all our on-demand bootcamps and associated labs.

Prerequisites

1. A basic knowledge of computers and networking
2. Familiarity with the Linux operating system

Bootcamp Syllabus

Module I: Basic Privilege Escalation Techniques Part I

  • Linux Concepts
  • Linux Users and Groups
  • Linux File Permissions
  • Interactive programs
  • Text Editor
  • Terminal based Browsers
  • Popular Linux Utilities
  • Cron Job
  • Crontab File formats
  • User vs System crontab
  • Shared Libraries
  • Understanding the Load Order
  • Creating a shared library
  • Misconfigured SUID
  • Misconfigured SUDO
  • Misconfigured File Permissions

Module II: Basic Privilege Escalation Techniques Part II

  • Leveraging Cron Jobs
  • Unix Wildcards gone wild
  • World writable scripts
  • World readable cron error messages
  • Symlinks and PATH-based misconfigurations
  • Vulnerable Application and Services
  • Web to Root
  • App to Root
  • Shared Library Injection

Module III: Breaking out of Restricted Environments

  • Restricted Shells
  • Chroot Jail
  • Docker Environment
  • Privileged Containers
  • Mounted Docker Socket
  • Shared Network Namespace
  • Additional Capabilities
  • Leveraging Management Tools
  • Best Practices

Module IV: Linux Capabilities

  • Introduction to Linux Capabilities
  • History
  • Process and file capabilities
  • Linux Capabilities Sets
  • Identifying capabilities provided to binaries and running process
  • Managing capabilities
  • Abusing Linux Capabilities
  • CAP_DAC_READ_SEARCH
  • CAP_SYS_MODULE
  • CAP_SYS_ADMIN
  • CAP_SYS_PTRACE
Meet the instructor

Jeswin Mathai

He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo labs (DEFCON). He has also been a co-trainer in classroom trainings conducted at HITB, RootCon, OWASP NZ Day. He has a Bachelor degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals, conducted awareness workshops for government institutions. His area of interest includes Malware Analysis and Reverse Engineering, Cryptography, WiFi security, and Web Application Security.
Jeswin Mathai - Instructor

Get informed about future bootcamps!

Thank you!
Thank you!
Created with