linux Understanding AppArmor Kernel Enhancement AppArmor is an old, yet powerful security feature introduced in the Linux kernel in the late '90s to control resources for running programs rather than users. It can be used to easily mitigate the damage caused by adversaries. Learn the basics of the AppArmor and its components
linux Attack Defense Privilege Escalation CTF Walkthrough Get a detailed walkthrough on the Linux privileged escalation CTF brought to you by the attackdefence platform.
containers Container Host Breakout – Part 2 This is part 2 of container host breakout where you will learn how to interact with low-level APIs and other OCI tools like containerd to escalate to the root user.
linux Container Host Breakout – Part 1 Understand how the docker demon running on the remote system or managed service like portainer could be a security risk that should be avoided to prevent the entire infrastructure take over
linux Container Breakout – Part 2 How about injecting the kernel modules and overwriting the files of the host from the "isolated" containers? Learn how to abuse extra capabilities provided to the container and break out of the isolation.
linux Container Breakout – Part 1 Learn the advanced techniques like inter-process communication, abusing Linux capabilities and process injection to break out of an isolated docker container
linux Understanding Container Architecture Docker containers are widely used in the deployment of moderns apps. In this post, you will learn the concept of containerizing, the security mechanism used by the docker community and how to interact with container via docker
linux Exploiting Linux Capabilities – Part 6 Learn the basics of process injection and kernel modules. Build your own rootkits to exploit cap_sys_ptrace and cap_sys_module capabilities in the Linux kernel
linux Exploiting Linux Capabilities – Part 5 Learn the basics of networking and how to perform privileged tasks when you have special network capabilities: cap_net_raw, cap_net_bind_service and cap_net_admin
linux Exploiting Linux Capabilities – Part 4 Learn about Linux file capabilities like cap_fowner, cap_setfcap, cap_dac_override and cap_linux_immutable and how to exploit these in order to read privileged files or get the root user shell
linux Exploiting Linux Capabilities – Part 3 In this post you will learn how to exploit the capabilities often provided to a sysadmin for example cap_sys_admin, cap_sys_time, cap_kill and cap_chown
linux Exploiting Linux Capabilities – Part 2 Learn about dac_read_search and dac_override capabilities and how to exploit them in different programs to get the root user access in linux
linux Exploiting Linux Capabilities – Part 1 Get the practical knowledge on how to abuse cap_setuid and cap_setgid capabilities in Linux to get the root user shell
linux Understanding Linux Capabilities Get a basic understanding of what Linux capabilities are and how to use the utility tools like capsh, setcap and getcap to manage or print capabilities of program files and running processes or tasks
linux Breaking out of CHROOT Jailed Shell Environment Learn the basics of how chroot actually works, what is different between process current working directory and root directory and how the limitation in chroot which help you break out to root file system
linux Breaking out of Restricted Shell Environment Even though a restricted shell was introduced to prevent unintended malicious activities on the system. But offensive hackers still found ways to break out of this shell and further perform privilege escalation via normal shell.
vulnhub Vulnhub Photographer Writeup Learn how to exploit koken cms and get the reverse shell out of it. Perform privilege escalation by hunting for unusual SUID binaries and information from GTFOBins
linux Exploiting Vulnerable Application for Privilege Escalation In this, you will learn how a known vulnerability in a third-party application installed on a Linux system could help attackers to escalate to root privileges
linux Pwning Webapps to Get Root Shell In this, you will learn how to exploit real-world user-facing applications to get an initial foothold and then perform privilege escalation using known vulnerabilities in web apps
linux Exploiting Shared Library Misconfigurations Get the practical knowledge of Linux privilege escalation by discussing 3 pentester academy labs on shared library injection. You will realize how dangerous shared library injection is when you find GCC compiler and permission misconfiguration
linux Understanding Concept of Shared Libraries Get in-depth knowledge of shared libraries in Linux and how it is actually used via a practical approach. Build your first library and use it in the code. In this you will also realize how dangerous LD_PRELOAD environment variable is
linux VulnHub Escalate Writeup A detailed walkthrough on vulnhub's "Escalate" machine to know a misconfigured SUID bit in an unusual program can lead to multi-user privilege escalation
linux Exploiting the Cron Jobs Misconfigurations – Part 2 This is part two of exploiting the cron job where you learn about advanced misconfigurations like symlinks and paths to get the root user shell
linux Exploiting the Cron Jobs Misconfigurations – Part 1 Get practical knowledge on how to exploit cron job basic misconfiguration to get a privileged shell and execute commands on behalf of the root user.
vulnhub VulnHub PwnLab Writeup A quick walkthrough of VulnHub PwnLab machine where you will learn get through a web app and gain root user shell