Monkeys know what tree to climb

While privilege escalation is not the end goal, it is a key element of the attack life cycle and a major determinant in the overall success of a penetration test.

---

Testlab

• Assemblers and compilers
• Disassemblers and decompilers
• Shellcoding tools
• Exploitation tools

---

Notes on techniques

• Introduction
• Types of shells
• Common shells
• Common systems exploits
• Common attack vectors wireless
• Common application-based attacks

Linux escalation

• Introduction
• Reuseful escalation patterns
• Kernel vulnerability exploits
• Exploit sudo misconfigurations
• SUID and SGID exploits
• Exploit capable programs
• Cron jobs exploits
• Path exploits
• NFS exploits

Windows escalation

• Introduction
• Reuseful escalation patterns
• Harvesting passwords
• Quick misconfiguration wins
• Abusing service misconfigurations
• Abusing dangerous privileges
• Abusing vulnerable software

---

Coding

• Windows
• Linux

---

TryHackMe

• Introduction
• Windows PrivEsc
• Linux PrivEsc
• Steel Mountain
• Alfred
• HackPark
• Game Zone
• Skynet
• The Daily Bugle
• Overpass 2 hacked
• Relevant
• Internal
• Mr Robot

Root-me

• Introduction
• Bash: System 1
• sudo: weak configuration
• Bash: System 2
• LaTeX: Input
• Powershell: Command Injection
• Bash: unquoted expression injection
• Perl: Command injection
• Bash: cron
• Python input()

---