So you’ve managed to get a foothold into the web server — now what? Privilege escalation can be an intimidating process for those unfamiliar with Linux systems or advanced penetration testing techniques. Servers are often cluttered with utilities, backups, and files; how do you find your way through to a root shell? Where are the first places an attacker might look for exploitable vulnerabilities? In this workshop, participants will learn about common privilege escalation paths on Linux systems, including sticky bits, shell escapes, wildcard injections, and how to identify vulnerable services. The workshop will demonstrate several techniques for those looking to improve their security skills, with time for discussion afterward. The speaker will also make a vulnerable VM image available to participants who wish to practice further.

Senior Security Analyst Kate Broussard will present Introduction to Linux Privilege Escalation Methods at Day of Shecurity on Friday, February 22, 2019.