Privilege Escalation on Linux Machines - [Security Presentation]

in #cybersecurity7 years ago

Jake Williams of Rendition Infosec gave a presentation for some of techniques used to escalate your privileges on a Linux system.

Who is this relevant for? Well, it is relevant for security researchers and cyber-security professionals. However, bad intentioned parties could also use this for malicious purposes.

Whenever someone gains access into a system, whether through a running service or through stolen credentials, they usually get in via a low privileged user (sometimes even 'www-data'). From there on, the purpose is gain absolute privileges on the system by owning the root account. This is very often the case.

And there are so many ways to do that, that's very difficult for system administrators to optimize the server security. In this talk, Jake Williams goes into some of the ways for privilege escalation. It includes:

  • local root exploits
  • vulnerable services
  • misconfigurations
  • unpatched applications
  • and more.

Some of the ones that appear more dangerous are those where using editors (vi, vim, etc) could simply throw a root shell using built in commands. Anyway, if you're interested in security and you want to learn how to improve the security of your system, this talk is for you. I for one, have saved it and watched it multiple times so far.


To stay in touch with me, follow @cristi


Cristi Vlad Self-Experimenter and Author

Sort:  

I have to just pause the video and say that this guy is a great interactor. He talks sense and does it casual as you please. No pressure classroom environment. Best learning time :-)

Im always interested in computer security, but if i watched this video up till the 6th minute i think i might just run out of internet data, however, i have saved the link so i can watch when my data has been renewed. Thanks for sharing

Excellent info... Resteemed!

Good post development of Linux system, thanks for sharing
VID-20180411-WA0030.gif

I've always been somewhat interested in security but never really got into it enough to do anything fun, but considering all the IoT devices, this might actually be something I want to get into now. There's the fun aspect, and then there's the fact that you might want to hack it to figure out if you can secure it properly. Very interesting talk. Watching it now.