2024-08-07 –, Opal
Attackers never stop at initial compromise; there is always an end goal objective which often requires privileged access to specific devices or systems. Identifying the correct privilege escalation vector can often feel like looking for a needle in a haystack, however with the right approach and understanding of the various controls in play, gaining full control can often be a safe assumption in many instances following initial foothold.
This workshop aims to equip those likely to find themselves with an initial foothold, with the skills to practically exploit a given privilege escalation vector on the target Linux system.
Moving from low to highly-privileged access is a crucial step in reaching your objective as an attacker. And with various controls regularly being employed to limit the likelihood of such an attack succeeding, or more generally increasing the effort required for an attacker to reach their goal, we need to know where to look, what to look for, and what to do with it once its found. As would-be attackers, we need to understand such techniques in order to accurately assess the risk and likelihood of a given attack path within the target, and identify our best possible path of attack.
This course therefore will equip those likely to find themselves with an initial foothold with the skills to practically exploit a given privilege escalation vector on the Linux system. Attendees will be presented with various scenarios and methods by which full control can be achieved, supported by a virtualised set of realistic challenges to practice and hone their techniques.
We will be focusing on privilege escalation in Linux, looking at both the basic scenarios and some more complex instances, as well as escaping restricted shells and execution environments.
Alongside a core methodology and exposure to various privilege escalation scenarios, attendees will also take away an execution environment which can be used to further hone their privilege escalation skills, and be tuned to increase the difficulty of exploitation by enabling controls commonly found in the wild and within hardened environments.
Specifically, the following topics will be covered:
- The Linux privilege model, and the importance of root
- Basic Linux privilege escalation via:
- Standard reconnaissance (e.g. identifying what is present, and what might be of use)
- Authentication weaknesses (e.g. surfacing weak/useful credentials)
- Weak file permissions (e.g. finding artefacts of interest)
- Built-in privilege escalation mechanisms, and their misconfigurations (e.g. sudo, suid/sgid)
- Service misconfigurations (e.g. cron, mysql)
- Advanced Linux privilege escalation via:
- Escaping/bypassing restricted environments
- Use of shared objects (e.g. LD_LIBRARY_PATH, RPATH, LD_PRELOAD)
Attendees should be comfortable with basic Linux command line usage and basic Linux configuration, however practical experience in attacking Linux environments is not necessarily required. In terms of hardware, attendees should bring a laptop with an Internet connection, at least 8GB of RAM, with Docker installed, and to which they have local administrative access (which is strongly recommended).
Following over a decade in the UK and Australian InfoSec industries, including an 8-and-a-half year stint in red teaming, Troy jumped the proverbial fence from red to blue, and is currently a Security Engineering Manager at Google. His interest and experience is in detection engineering, red teaming, threat modelling, hardware, and assessing ICS environments. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and making piano-related noise.