Linux Privilege Escalation

Presented at BSidesLV 2023, Aug. 8, 2023, 10:30 a.m. (Unknown duration)

Attackers never stop at initial compromise; there is always an end goal objective which often requires privileged access to specific devices or systems. Identifying the correct privilege escalation vector can often feel like looking for a needle in a haystack, however with the right approach and understanding of the various controls in play, gaining full control can often be a safe assumption in many instances following initial foothold. This workshop aims to equip those likely to find themselves with an initial foothold, with the skills to practically exploit a given privilege escalation vector on the target Linux system.

Presenters:

• Andrew Suters
• Troy Defty
  Having worked in the UK and Australian InfoSec industries for just over a decade, and following 8 and a half years of red teaming, Troy jumped the proverbial fence from red to blue, and is currently a Security Engineering Manager at a tech company. His interest and experience is in detection engineering, red teaming, threat modelling, hardware, and assessing ICS environments. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and being bad at golf.

Links:

• https://www.bsideslv.org/talks#GRPNVS

Similar Presentations:

• ShmooCon XIV (2018) / Libation Escalation - Scotch and Bubbles
• DerbyCon 9.0 Finish Line (2019) / Adventures in Azure Privilege Escalation
• Black Hat USA 2019 / Battle of Windows Service: A Silver Bullet to Discover File Privilege Escalation Bugs Automatically