
Introduction to Linux - Privilege Escalation Methods

Presentation from Day of Shecurity 2019 explores privilege escalation methods in Linux.

Presentation by Kate Broussard at Day of Shecurity 2019

So you’ve managed to get a foothold into the web server — now what? Privilege escalation can be an intimidating process for those unfamiliar with Linux systems or advanced penetration testing techniques.

Servers are often cluttered with utilities, backups, and files; how do you find your way through to a root shell? Where are the first places an attacker might look for exploitable vulnerabilities?

This presentation explores common privilege escalation paths on Linux systems, including sticky bits, shell escapes, wildcard injections, and how to identify vulnerable services.

What's covered:

  • Priv esc definition + Framing
  • Easy mode
  • Sneaky mode
  • Boss mode
  • Summary
  • Resources


About the author, Kate Broussard

Senior Security Consultant

Prior to Bishop Fox, Kate operated an independent application security consulting and testing business focused on SMB penetration testing. During these engagements, she routinely exploited cross-site scripting vulnerabilities arising from the use of outdated JavaScript libraries. Kate also has extensive prior experience with web application development, including projects where she designed and developed instructional websites for university faculty. She managed and supervised a team of 30 to perform a large data transformation project on 3,000 files for a public university with over 50,000 enrolled students. Additionally, Kate has extensive experience with software development lifecycle (SDLC) documentation.
