Advanced Privilege Escalation Techniques: Linux & Windows (December 2024)

₹ 8,000
100% positive reviews
24 students
58 lessons
Language: English
0 quiz
Assessments: Yes
Available on the app
Unlimited access forever
Skill level: Expert
This course provides in-depth knowledge of privilege escalation techniques, covering manual and automated enumeration, identifying and exploiting vulnerabilities, and defending against privilege escalation attacks on both Linux and Windows systems. You will gain hands-on experience using popular tools and techniques, such as kernel and service exploits, password mining, sudo abuse, mimikatz, and impersonation attacks.
Module 1: Introduction to Privilege Escalation
- Overview of Privilege Escalation
- What is privilege escalation?
- Types of privilege escalation: Vertical vs. Horizontal
- Real-world examples of privilege escalation attacks
- Why privilege escalation matters in security assessments
- Ethical hacking and penetration testing
- Understanding the “attack surface” of operating systems
Module 2: Manual Enumeration for Privilege Escalation (Linux & Windows)
- User Enumeration
- Listing users (Linux: /etc/passwd, Windows: net user)
- Identifying high-privileged users and groups
- Analyzing user permissions and groups
- Operating System and Kernel Details
- Linux: uname -r, cat /proc/version
- Windows: systeminfo, wmic os get
- Network Enumeration
- Linux: ifconfig, netstat, route
- Windows: ipconfig, netstat, route print
- Application and Service Enumeration
- Identifying running services (Linux: ps aux, systemctl, Windows: tasklist, services.msc)
- Verifying vulnerable services or misconfigurations
- Home Directory Enumeration
- Identifying user home directories (Linux: ls -l /home, Windows: dir C:\Users)
- Checking for world-writable files or files with improper permissions
Module 3: Automated Enumeration and Vulnerability Scanning Tools
- Automated Enumeration Tools
- Linux Tools: LinPEAS, Lynis, GTFOBins, Linux Exploit Suggester
- Windows Tools: PowerUp, Sherlock, Windows Exploit Suggester
- Vulnerability Scanning and Identification
- Scanning for kernel vulnerabilities
- Checking for unpatched services and applications
- Using tools like Nmap, Nessus, or OpenVAS for vulnerability discovery
Module 4: Exploiting Privilege Escalation Vulnerabilities on Linux
- Kernel Exploits
- Understanding and exploiting kernel vulnerabilities
- Using tools like ExploitDB, Searchsploit, and Metasploit
- Service Exploits
- Abusing misconfigured services for privilege escalation
- Exploiting SUID/SGID binaries
- Manipulating vulnerable system services (e.g., cron jobs, systemd timers)
- Password Mining and Cracking
- Cracking password hashes (/etc/shadow) using tools like John the Ripper and Hashcat
- Abusing the PATH Variable
- Understanding how PATH manipulation can escalate privileges
- Crafting malicious executables in the PATH
- Sudo and Shell Escape Sequences
- Exploiting misconfigurations in sudo permissions
- Using shell escape sequences to gain higher privileges
- Example: Exploiting sudo with python -c and other tricks
- Capabilities and Cron Jobs
- Identifying misconfigured cron jobs and systemd timers
- Abusing cron jobs to execute arbitrary commands
Module 5: Exploiting Privilege Escalation Vulnerabilities on Windows
- Kernel Exploits and Service Exploits
- Exploiting Windows kernel vulnerabilities (e.g., Ring0 exploits)
- Service misconfigurations (e.g., Service Control Manager (SCM) exploits)
- Registry Exploits
- Abusing the Windows registry for privilege escalation
- Modifying registry keys to escalate privileges
- Example: Manipulating HKLM\SYSTEM\CurrentControlSet\Services for service hijacking
- Password Mining and Cracking
- Extracting passwords from SAM and LSA Secrets
- Using tools like Mimikatz to dump credentials and clear text passwords
- Scheduled Tasks
- Identifying and exploiting vulnerable scheduled tasks
- Creating malicious tasks for privilege escalation
- Example: Using schtasks and at to schedule tasks with high privileges
- Impersonation Attacks
- Understanding Token Impersonation and Pass-the-Hash attacks
- Using mimikatz to impersonate high-privilege users
- Abusing Startup Apps for Privilege Escalation
- Identifying and exploiting startup programs and services
- Modifying startup programs (e.g., registry keys, Task Scheduler)
Module 6: Advanced Techniques for Privilege Escalation
- Linux NFS Root Squashing
- Understanding NFS vulnerabilities and how to bypass root squashing
- Exploiting NFS misconfigurations to escalate privileges
- Impersonation & “Potato” Attacks
- Windows NTLMv1/2 impersonation using Impacket tools
- Overview of Kerberos Ticket Granting Ticket (TGT) and Pass-the-Ticket attacks
- “DCOM” and MS17-010 EternalBlue vulnerabilities for privilege escalation
- Living off the Land (LoL) and Post-Exploitation
- Leveraging built-in tools and utilities for post-exploitation (e.g., PowerShell, bash, netcat)
- Staying under the radar and maintaining persistence
Module 7: Defending Against Privilege Escalation
- Hardening Linux Systems
- Using AppArmor and SELinux to restrict privilege escalation
- Configuring sudo securely
- Regularly patching the kernel and system services
- Setting up file permissions and limiting access to sensitive files
- Configuring auditing tools (e.g., auditd) to monitor for privilege escalation attempts
- Hardening Windows Systems
- Configuring User Account Control (UAC) to prevent privilege escalation
- Disabling or securing vulnerable services (e.g., SMBv1, RDP)
- Enforcing least privilege through group policies and Windows Defender Application Control
- Implementing Windows Defender to detect privilege escalation tools like Mimikatz
- Enforcing BitLocker and Credential Guard for password protection
- Detection and Monitoring
- Using SIEM tools (e.g., Splunk, Elastic Stack) for detecting privilege escalation indicators
- Implementing audit trails and system logs to identify anomalous behavior
- Setting up intrusion detection systems (IDS) for early detection of exploitation attempts
Curriculum
- 5 Sections
- 58 Lessons
- 4 Weeks
- File Transfers (5 lessons)
- Tunnel - Port Forwarding (5 lessons)
- Linux Privilege Escalation (25 lessons)
- 3.1 Linux Privilege Escalation (1 Hour)
- 3.2 Kernel Exploitation (1 Hour)
- 3.3 Network Details (1 Hour)
- 3.4 Applications & Services Details (1 Hour)
- 3.5 Applications & Services Details – 2 (1 Hour)
- 3.6 Creating a Linux service with systemd (1 Hour)
- 3.7 Password Mining (1 Hour)
- 3.8 Password Mining – Configuration Files (1 Hour)
- 3.9 User Home Directory Enumeration (1 Hour)
- 3.10 Permissions on critical system files (1 Hour)
- 3.11 SUID Privilege Escalation (1 Hour)
- 3.12 SUID Privilege Escalation – 2 (1 Hour)
- 3.13 Path Hijacking Path Abusing (1 Hour)
- 3.14 Exploiting Shared Library Misconfigurations (1 Hour)
- 3.15 SUDO Privilege Escalation (1 Hour)
- 3.16 Custom Binary and Scripts (1 Hour)
- 3.17 Custom Binary Scripts – 2 (1 Hour)
- 3.18 Exploitation (SUDO and LD_PRELOAD) (1 Hour)
- 3.19 Exploiting Capabilities for Privilege Escalation (1 Hour)
- 3.20 cap_net_raw+ep and cap_dac_read_search (1 Hour)
- 3.21 cap_sys_admin+ep (1 Hour)
- 3.22 Cron Jobs & Systemd Timers (1 Hour)
- 3.23 Wildcard Injection * Expansion (1 Hour)
- 3.24 NFS Root Squashing (1 Hour)
- 3.25 LinPEAS (1 Hour)
- Windows Privilege Escalation (18 lessons)
- 4.1 Windows Shell (1 Hour)
- 4.2 Basic Windows Commands (1 Hour)
- 4.3 Basic Windows Commands – 2 (1 Hour)
- 4.4 Managing File and Folder Permissions in Windows (1 Hour)
- 4.5 Understanding the ACL Entries (1 Hour)
- 4.6 Windows Booting Files (1 Hour)
- 4.7 net user (1 Hour)
- 4.8 Net Services Suite (1 Hour)
- 4.9 Service Controller Utility Commands (1 Hour)
- 4.10 Windows Firewall Management (1 Hour)
- 4.11 Windows Registry Commands (1 Hour)
- 4.12 User and Network Enumeration (1 Hour)
- 4.13 Windows Kernel Exploits (1 Hour)
- 4.14 MS14-058 – ‘TrackPopupMenu’ Local Privilege Escalation (1 Hour)
- 4.15 Windows Certificate Dialog Elevation of Privilege Vulnerability (CVE-2019-1388) (1 Hour)
- 4.16 Generating Hash Files from SAM and SYSTEM (1 Hour)
- 4.17 Active Directory Domain – NTDS.DIT (1 Hour)
- 4.18 FileZilla Server Password Recovery (1 Hour)
- Offensive Active Directory (5 lessons)
Sachin Verma
125 Students, 3 Courses