Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Privilege Escalation Techniques
Privilege Escalation Techniques

Privilege Escalation Techniques: Learn the art of exploiting Windows and Linux systems

Arrow left icon
Profile Icon Alexis Ahmed
Arrow right icon
Free Trial
Full star icon Full star icon Full star icon Full star icon Half star icon 4.4 (10 Ratings)
Paperback Nov 2021 340 pages 1st Edition
eBook
S$41.98 S$59.99
Paperback
S$74.99
Subscription
Free Trial
Arrow left icon
Profile Icon Alexis Ahmed
Arrow right icon
Free Trial
Full star icon Full star icon Full star icon Full star icon Half star icon 4.4 (10 Ratings)
Paperback Nov 2021 340 pages 1st Edition
eBook
S$41.98 S$59.99
Paperback
S$74.99
Subscription
Free Trial
eBook
S$41.98 S$59.99
Paperback
S$74.99
Subscription
Free Trial

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Privilege Escalation Techniques

Chapter 1: Introduction to Privilege Escalation

Privilege escalation is a vital element of the attack life cycle and is a major determinant in the overall success of a penetration test.

The importance of privilege escalation in the penetration testing process cannot be overstated or overlooked. Developing your privilege escalation skills will mark you out as a good penetration tester. The ability to enumerate information from a target system and utilize this information to identify potential misconfigurations and vulnerabilities that can be exploited to elevate privileges is an essential skill set for any penetration tester.

This chapter aims to give you a clearer picture and understanding of the privilege escalation process and will act as a formal introduction to the various types of privilege escalation techniques, and how the process differs between Windows and Linux systems.

To fully understand and leverage the various privilege escalation tools and techniques, you first need to understand how permissions and privileges are implemented on various operating systems and how these differences in design and implementation affect the privilege escalation process as a whole.

By the end of this chapter, you will have a clear understanding of what privilege escalation is, and you will also understand how permissions are implemented on Windows and Linux systems and get a brief introduction to the various privilege escalation techniques that we will be exploring in depth in the upcoming chapters.

In this chapter, we will cover the following topics:

  • What is privilege escalation?
  • How permissions and privileges are assigned
  • Understanding the differences between privilege escalation on Windows and Linux
  • Exploring the types of privilege escalation attack

What is privilege escalation?

Privilege escalation is the process of exploiting vulnerabilities or misconfigurations in systems to elevate privileges from one user to another, typically to a user with administrative or root access on a system. Successful privilege escalation allows attackers to increase their control over a system or group of systems that belong to a domain, giving them the ability to make administrative changes, exfiltrate data, modify or damage the operating system, and maintain access through persistence, such as registry edits or cron jobs.

From a penetration tester's perspective, privilege escalation is the next logical step after the successful exploitation of a system and is typically performed by bypassing or exploiting authentication and authorization systems, whose purpose is to segregate user accounts based on their permissions and role.

A typical approach would be to use an initial access or foothold on a system to gain access to resources and functionality that is beyond what the current user account permissions offer. This process is commonly referred to as getting root privileges on a system.

Before we can get started with the various privilege escalation techniques, we need to understand how user accounts and permissions are implemented in modern operating systems.

How permissions and privileges are assigned

To better understand how to elevate privileges, we need to first understand how operating systems are designed in relation to user accounts and privilege.

Operating systems' authorizations are designed to handle multiple users with multiple roles and permissions. This segregation of roles is the primary factor behind the various user account implementation philosophies that are implemented in operating systems today.

This abstraction of user roles and permissions on a system is set up and facilitated by a system called a protection ring, as demonstrated in Figure 1.1. This specifies limits and enforces the functionality of users on a system and their corresponding access to resources.

As the name suggests, a protection ring is a hierarchical protection and segregation mechanism used to provide different levels of access to functionality and resources on a system. The various rings in the hierarchy represent layers of privilege within the operating system, as illustrated in the following screenshot:

Figure 1.1 – Protection ring

Figure 1.1 – Protection ring

The rings in the hierarchy illustrated in Figure 1.1 are sorted and arranged from the most privileged (typically denoted by level 0) to the least privileged, where the least privileged is represented by the highest ring number. This segregation of privileges on a system leads to the adoption of two main roles, as follows:

  • Privileged access: This is typically represented or assigned to the root or administrator account and provides complete access to all system commands and resources. The root or administrator account will typically have access to the following functionality:

    1. The ability to install, uninstall, and modify system software or binaries

    2. The ability to add, modify, or remove users and user groups

    3. The ability to create, access, modify, and delete any system or user data

    4. The ability to access and have control over all system hardware

    5. The ability to access network functionality and networking utilities

    6. The ability to create, manage, and kill system and user processes

  • Unprivileged access: This is typically represented or assigned to non-root or standard user accounts and is limited to a specific set of privileges that are designed and tailored for standard user access on a system. It limits the user functionality to basic tasks and access of user data on the system. Non-root accounts will commonly have the following functionality:

    1. The ability to start and stop user processes and programs

    2. The ability to create, modify, and delete user data

    3. The ability to have access to network functionality

This segregation of permissions highlights the importance of privilege escalation for penetration testers or attackers as it offers total and unparalleled control over a system or, potentially, a group of systems if they can get "root" or administrative access on a system.

Given the nature of privilege escalation attacks in relation to user accounts and permissions, there are two main methods of performing privilege escalation that can be utilized by attackers based on their intentions and objectives, as follows:

  • Horizontal privilege escalation
  • Vertical privilege escalation

We will take a closer look at what they are in the next section.

Horizontal privilege escalation

Horizontal privilege escalation is the process of accessing the functionality or data of other user accounts on a system, as opposed to gaining access to accounts with administrative or root privileges. It primarily involves accessing or authorizing functionality on a system using accounts that are on the same user level of permissions, as opposed to user accounts that are higher up and that have more privileges and permissions.

Attackers or penetration testers would typically perform this type of privilege escalation attack if they were interested in accessing unprivileged user account data or in harvesting user account credentials or password hashes.

Scenario

The following screenshot illustrates a typical account setup on a computer, where we have two unprivileged users and one privileged user. In this case, the two unprivileged users are John and Mike, and the privileged user is Collin:

Figure 1.2 – Horizontal privilege escalation scenario

Figure 1.2 – Horizontal privilege escalation scenario

In this scenario, John is attempting to perform a typical horizontal privilege escalation attack by escalating his user account privileges to the account privileges of Mike. Note that John and Mike are on the same horizontal privilege level.

Figure 1.2 clearly outlines the sole objective of horizontal privilege escalation, the objective being to elevate privileges to user accounts that are on the same horizontal level as the user account performing the attack.

Vertical privilege escalation

Vertical privilege escalation is the process of exploiting a vulnerability in an operating system to gain root or administrative access on a system. This method is usually preferred by attackers and penetration testers as it offers the biggest payout given the permissions and functionality, as they now have total access and control over the system(s).

The following screenshot outlines a bottom-up approach to user account permissions and privileges, where the topmost account has the highest privileges, is the least accessible, and is typically assigned to system administrators. The lowest accounts are set up and configured to be used by standard users and services that require no administrative privileges as part of their daily tasks:

Figure 1.3 – Vertical privilege escalation

Figure 1.3 – Vertical privilege escalation

Figure 1.3 also illustrates a vertical approach to elevating privileges based on the user account and permissions for both Windows and Linux systems, the objective being to laterally move up the pecking order to the account with the highest privileges, therefore giving you complete access to the system.

Important note

Vertical privilege escalation may not solely emanate from the exploitation of a vulnerability within an operating system or service. It is common to find misconfigured systems and services that may allow non-administrative user accounts to run commands or binaries with administrative permissions. We will take a look at the various privilege escalation techniques in the upcoming chapters.

Scenario

The following screenshot illustrates a typical account setup on a computer, where we have two unprivileged users and one privileged user. In this case, the two unprivileged users are John and Mike, and the privileged user is Collin:

Figure 1.4 – Vertical privilege escalation scenario

Figure 1.4 – Vertical privilege escalation scenario

For this scenario, Figure 1.4 illustrates a traditional vertical privilege escalation method where the user John is attempting to elevate privileges to the administrator account, which is Collin's account. If successful, John will get access to administrative privileges and will be able to access all user accounts and files, therefore giving him total access and control over the system. This scenario demonstrates the importance and potential impact of a successful vertical privilege escalation attack.

Now that we have an understanding of the two main privilege escalation methods and how they are orchestrated, we can begin taking a look at the various differences between privilege escalation on Windows and Linux.

Understanding the differences between privilege escalation on Windows and Linux

Now that we have a general understanding of how user accounts and permissions are implemented and have looked at the two main methods of performing privilege escalation, we can begin taking a look at the differences between Linux and Windows in the context of privilege escalation attacks and at how their individual design and development philosophies affect the privilege escalation process.

This nuanced approach will give us clarity on the strengths and weaknesses of both operating systems and their corresponding kernels in relation to vulnerabilities and potential exploitation.

The following table outlines common potential attack vectors for both operating systems and the services that can be exploited to elevate privileges:

Table 1.1 – Common potential attack vectors

Table 1.1 – Common potential attack vectors

To fully understand the differences between the two operating systems in terms of potential vulnerabilities and attack vectors, we need to understand how they handle authentication and security as this will give us an idea of where the security pitfalls exist. It is important to note, however, that the security differences between Windows and Linux boil down to their unique design philosophy.

Windows security

Windows is a proprietary operating system that is owned and developed by the Microsoft Corporation and controls a majority of the PC market share at about 93%, which means that most companies are likely to be running Windows clients for their end users and/or Windows Server deployments for their critical infrastructure.

For this reason, Windows is more likely to be running on employee laptops and workstations as it has a much more user-centered design (UCD) and philosophy. In order to understand the privilege escalation process on Windows, we need to understand how Windows manages and maintains system security. In order to do this, we will need to take a closer look at various components that are responsible for managing and maintaining authentication and security on Windows.

User authentication

Authentication is the process of verifying the identity of a user who is trying to access a system or system resource.

Authentication on most modern operating systems is typically enforced through a username and password combination; however, operating systems have begun implementing additional layers of authentication, in addition to implementing stronger encryption algorithms for user passwords.

Passwords and password hashes are usually a target for penetration testers, and we will take a look at how to dump system passwords and hashes later in the book.

User authentication on Windows is handled by the Windows Logon (Winlogon) process and Security Account Manager (SAM). SAM is a database that is used to manage and store user accounts on Windows systems.

Modern releases of Windows utilize the New Technology LAN Manager 2 (NTLM2) encryption protocol for password hashing and encryption, which is significantly stronger than the LAN Manager (LM) encryption protocol present in older versions of Windows.

Authentication onto domains on Windows is typically facilitated by authentication protocols such as Kerberos.

User identification

User identification is used to uniquely identify users on a system and is also used to establish a system of accountability, as actions performed on a system can be tracked down to the user who made or performed them. Understanding how identification works and is implemented on Windows is extremely useful in the privilege escalation process to identify users on a system, along with their roles and groups.

The process of user identification on Windows utilizes a security identifier (SID) for identification. Each user and group has a unique SID that consists of the components outlined in the following screenshot:

Figure 1.5 – Sample Windows SID

Figure 1.5 – Sample Windows SID

The different parameters from the preceding SID are discussed as follows:

  • SID String: S indicates that it's an SID string
  • Revision: Always set to 1; this refers to the structure revision number
  • Authority ID: Specifies who created or granted the SID, as follows:

    - Null: 0

    - World authority: 1

    - Local authority: 2

    - Creator authority: 3

    - Non-unique authority: 4

    - NT authority: 5

  • Subauthority ID/actual ID: Unique ID for the user, or comprises the domain identifier
  • RID: This stands for relative ID and is used in reference to other accounts to distinguish one user from another. Windows will have the following unique RIDs assigned to specific users. It is important to be able to identify privileged users based on their SID, as follows:

    - Administrator: 500

    - Guest user: 501

    - Domain administrator: 512

    - Domain computer: 515

You can enumerate the SIDs on a Windows system by running the following command in Command Prompt (CMD):

wmic useraccount get name,sid

This command will enumerate all user account SIDs on the system, as illustrated in the following screenshot. Pay close attention to the RIDs as they can be used to quickly identify administrator and guest accounts:

Figure 1.6 – Enumerating Windows SIDs

Figure 1.6 – Enumerating Windows SIDs

As displayed in Figure 1.6, we can identify user roles based on their RID, regardless of the account username. In this particular case, we have an administrator and guest account set up and they can be identified by their RID.

Access tokens

An access token is an object that describes and identifies the security context of a process or thread on a system. The access token is generated by the Winlogon process every time a user authenticates successfully, and includes the identity and privileges of the user account associated with the thread or process. This token is then attached to the initial process (typically the userinit.exe process), after which all child processes will inherit a copy of the access token from their creator and will run under the same access token.

On Windows, an access token will comprise the following elements:

  • User SID
  • Group SID
  • Logon SID
  • Privileges assigned to the user or the user's group
  • Discretionary access control list (DACL) being used
  • Source of the access token

We can list out the access token of a user by running the following command in the CMD:

Whoami /priv

If the user is unprivileged, the access token will be restricted, as outlined in the following screenshot:

Figure 1.7 – Restricted access token

Figure 1.7 – Restricted access token

It is important to note that the user highlighted in Figure 1.7 has administrative privileges; however, the cmd.exe process uses an access token that restricts privileges. If we run cmd.exe as an administrator, the user's access token will be listed with all privileges, as outlined in the following screenshot:

Figure 1.8 – Privileged access token

Figure 1.8 – Privileged access token

Access tokens can be leveraged during the privilege escalation process through attacks such as primary access token manipulation attacks, which involve tricking a system into believing that a process belongs to a different user from the one who started the process. We will learn how to utilize this attack vector to escalate our privileges later in the book.

Linux security

Linux is a free and open source operating system that comprises the Linux kernel, which was developed by Linus Torvalds, and the GNU's Not Unix (GNU) toolkit, which is a collection of software and utilities that was originally started and developed by Richard Stallman. This combination of open source projects is what makes up the Linux operating system as a whole, and it is commonly referred to as GNU/Linux.

Typically, most individuals and companies are likely to be running Windows clients and will be using Linux for their critical infrastructure—for instance, mail servers, databases, web servers, and intrusion detection systems (IDSes). Given the nature and deployment of Linux servers in organizations, attacks will be much more likely to severely affect a company and cause major disruption.

User authentication

User account details on Linux are stored in a /etc/passwd file. This file contains the user account username, the user ID (UID), an encrypted password, a group ID (GID), and personal user information.

This file can be accessed by all users on the system, which means that any user on the system can retrieve the password hashes of other users on the system. This makes the hash-dumping process on Linux much more straightforward and opens the door to potential password-cracking attacks. Most older Linux distributions utilized the Message Digest Algorithm 5 (MD5) hashing algorithm, which is much easier to crack, and as a result, most newer distributions have begun utilizing and implementing the Secure Hash Algorithm 256 (SHA-256) encryption protocol, therefore making it much more difficult to crack the hashes.

Identification

User authentication on Linux is facilitated through the use of a username that corresponds to a unique UID, comprising a numeric value that is automatically assigned or manually assigned by a system administrator. The root account on Linux will always have a UID of 0.

This user information, along with the hashed user passwords, is stored in the /etc/passwd file.

Access tokens

Access tokens on Linux work in a similar way to how they work on Windows but are stored in memory (random-access memory, or RAM) and attached to processes when initialized.

The access token on Linux will contain the following information:

  • UID of the user account
  • GID/GIDs of the groups that the user is a member of
  • User privileges
  • Primary group UID
  • Access control list (ACL) entries

Now that we have an understanding of the various authentication and security components used on Windows and Linux, we can take a look at the various types of privilege escalation attack and how they exploit the aforementioned security mechanisms.

Exploring the types of privilege escalation attack

We can now explore the most common privilege escalation attacks and how they work. The objective is to get a basic picture of the types of privilege escalation attack available and to understand how they are exploited.

We will take a look at how to exploit these vulnerabilities in depth on both Windows and Linux systems in the upcoming chapters.

Kernel exploits

Kernel exploits are programs or binaries that affect both Windows and Linux and are designed to exploit vulnerabilities in the underlying kernel, to execute arbitrary code with elevated or "root" permissions.

The exploitation process is multi-faceted and requires a good amount of enumeration in order to determine the operating system version and installed patches or hotfixes, and consequently whether it is affected by any kernel exploits, after which the kernel exploit code can be retrieved through various exploit repositories such as exploit-db. The exploit code should then be inspected and customized based on the required parameters and functionality. After customization, the code can be compiled into a binary and transferred over to the target for execution. In some cases, the exploit code will need to be downloaded and compiled on the target if it relies on certain dependencies.

After successful compilation and execution of the binary, the kernel exploit will grant the attacker "root" access on the target system in the form of a shell prompt, where they can run commands on the system with "root" privileges.

In many cases, precompiled kernel exploits for Windows already exist online and can be downloaded and executed directly, therefore avoiding the compilation process altogether. However, it is very important to inspect and analyze the exploit code before compiling it, as exploits could contain malicious code or payloads.

Important note

Kernel exploits are extremely powerful; however, they can cause system crashes and kernel panics that can hinder the privilege escalation process and can cause damage to the system.

Exploiting SUID binaries

SUID is an inbuilt Linux feature that allows users to execute binaries and files with the permissions of other users.

This feature is commonly used to allow non-root accounts to run system utilities and binaries with root permissions. You can set the program or utility SUID permission with the owner as "root." This will allow the program or utility to run with "root" privileges whenever a non-root user executes it. Attackers can exploit or take advantage of SUID misconfigurations and run arbitrary commands as root.

For example, programs or binaries that allow the execution of arbitrary commands such as vim should not have their SUID owner set as "root," as non-root users can leverage the command execution functionality within vim to run commands with "root."

Exploiting vulnerable services and permissions

Services offer the largest threat surface for attackers, given the variability and diversity of programs and services that can be found running on Windows and Linux systems.

Attackers will typically aim to identify misconfigured or vulnerable services and programs that could facilitate the escalation of privileges. For example, on Linux systems, attackers will try to identify and exploit misconfigurations with cron jobs and leverage the functionality to execute arbitrary code or malicious binaries.

Exploiting vulnerable or insecure services on Windows typically involves embedding a payload in a service with administrative privileges. When the service is executed, it executes a payload with the administrative privileges, therefore allowing the binary to execute commands with "root" privileges.

Insecure credentials

This technique involves searching for insecure credentials that have been stored on a system by users or by carrying out a process of cracking weak user credentials. Many users—and even system administrators—note down passwords in cleartext in documents, spreadsheets, and configuration files for various service accounts. These files can be located by running specialized search queries with various command-line utilities.

An example of this is the use of the find command-line utility on Linux to locate files with specific extensions and filenames.

Exploiting SUDO

Attackers will usually target users who have SUDO privileges. SUDO allows users to run commands as another user, typically the root user.

SUDO privileges are usually configured manually by administrators, which leaves the door open to potential misconfigurations. For example, an administrator can assign SUDO permissions to a non-root user for certain command-line utilities (such as find or vim) that can run shell commands or arbitrary code.

This can be leveraged by attackers to run arbitrary code or execute commands with "root" privileges.

Important note

SUDO is a Linux command and permission set that allows users to run commands or programs with superuser or "root" privileges.

These are just some of the privilege escalation attacks and techniques that can be used on both Windows and Linux systems. We will be taking a look at how to use these techniques in detail in the upcoming chapters.

Summary

This chapter introduced you to the privilege escalation process, explained how privileges and user accounts are implemented in modern operating systems, and looked at the differences between privilege escalation on Windows and Linux systems. It also highlighted the most common privilege escalation techniques and explained how they can be exploited.

You should now have a good understanding of the privilege escalation process, how permissions and privileges are implemented, and the various penetration testing techniques that are used on both Windows and Linux.

In the next chapter, we'll get started with setting up our virtual environment and preparing our penetration-testing distribution. We will also look at the various tools and frameworks we will be utilizing to enhance and optimize the privilege escalation process.

Left arrow icon Right arrow icon

Description

Privilege Escalation Techniques is a detailed guide to privilege escalation techniques and tools for both Windows and Linux systems. This is a one-of-a-kind resource that will deepen your understanding of both platforms and provide detailed, easy-to-follow instructions for your first foray into privilege escalation. The book uses virtual environments that you can download to test and run tools and techniques. After a refresher on gaining access and surveying systems, each chapter will feature an exploitation challenge in the form of pre-built virtual machines (VMs). As you progress, you will learn how to enumerate and exploit a target Linux or Windows system. You’ll then get a demonstration on how you can escalate your privileges to the highest level. By the end of this book, you will have gained all the knowledge and skills you need to be able to perform local kernel exploits, escalate privileges through vulnerabilities in services, maintain persistence, and enumerate information from the target such as passwords and password hashes.

Who is this book for?

If you’re a pentester or a cybersecurity student interested in learning how to perform various privilege escalation techniques on Windows and Linux systems – including exploiting bugs and design flaws – then this book is for you. You’ll need a solid grasp on how Windows and Linux systems work along with fundamental cybersecurity knowledge before you get started.

What you will learn

  • Understand the privilege escalation process and set up a pentesting lab
  • Gain an initial foothold on the system
  • Perform local enumeration on target systems
  • Exploit kernel vulnerabilities on Windows and Linux systems
  • Perform privilege escalation through password looting and finding stored credentials
  • Get to grips with performing impersonation attacks
  • Exploit Windows services such as the secondary logon handle service to escalate Windows privileges
  • Escalate Linux privileges by exploiting scheduled tasks and SUID binaries

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Nov 25, 2021
Length: 340 pages
Edition : 1st
Language : English
ISBN-13 : 9781801078870
Vendor :
Offensive Security
Category :
Languages :
Tools :

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Nov 25, 2021
Length: 340 pages
Edition : 1st
Language : English
ISBN-13 : 9781801078870
Vendor :
Offensive Security
Category :
Languages :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just S$6 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just S$6 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total S$ 224.97
Privilege Escalation Techniques
S$74.99
Adversarial Tradecraft in Cybersecurity
S$74.99
Malware Analysis Techniques
S$74.99
Total S$ 224.97 Stars icon

Table of Contents

17 Chapters
Section 1: Gaining Access and Local Enumeration Chevron down icon Chevron up icon
Chapter 1: Introduction to Privilege Escalation Chevron down icon Chevron up icon
Chapter 2: Setting Up Our Lab Chevron down icon Chevron up icon
Chapter 3: Gaining Access (Exploitation) Chevron down icon Chevron up icon
Chapter 4: Performing Local Enumeration Chevron down icon Chevron up icon
Section 2: Windows Privilege Escalation Chevron down icon Chevron up icon
Chapter 5: Windows Kernel Exploits Chevron down icon Chevron up icon
Chapter 6: Impersonation Attacks Chevron down icon Chevron up icon
Chapter 7: Windows Password Mining Chevron down icon Chevron up icon
Chapter 8: Exploiting Services Chevron down icon Chevron up icon
Chapter 9: Privilege Escalation through the Windows Registry Chevron down icon Chevron up icon
Section 3: Linux Privilege Escalation Chevron down icon Chevron up icon
Chapter 10: Linux Kernel Exploits Chevron down icon Chevron up icon
Chapter 11: Linux Password Mining Chevron down icon Chevron up icon
Chapter 12: Scheduled Tasks Chevron down icon Chevron up icon
Chapter 13: Exploiting SUID Binaries Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.4
(10 Ratings)
5 star 80%
4 star 0%
3 star 0%
2 star 20%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




N/A Feb 21, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Pubblicazioni interessanti scritti con il giusto livello tecnico ma soprattutto in modo chiaro.
Feefo Verified review Feefo
Marek Zima Feb 13, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Feefo Verified review Feefo
Tyshic May 03, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book by Alexis is excellent his straight up approach to explaining escalations others are too complex. worth buying.
Amazon Verified review Amazon
Steve Torok Dec 05, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I've purchased several ebooks and video courses over the years and I must say that most of them contain about the same type of information, however the biggest difference among them is how well they can transmit this information to the reader or viewer and this is where and this is where this product stands out IMO. Easy to read and understand, very well structured so it's a breeze to look up something you need and because of it's size you can take it with you wherever you go and just browse it in your free time or when travelling. Really well written, I can't recommend it enough.
Amazon Verified review Amazon
CL Nov 26, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I'm a red team instructor and got a preview copy of the book to review.I am thoroughly impressed.The subject of the book is not what many consider introductory for cybersecurity. But, Alexis Ahmed does an amazing job breaking down the concepts to their lowest level to make this book as accessible as possible to the reader.This makes the book far more than a field guide. And, while including instructions and walkthrough for setting up labs and the tools used throughout the book, it is far more than just an introduction.Anyone who reads and completes the labs in this book should be quite well prepared to start a penetration testing journey. With this knowledge and these skills in hand, the next step is repetition and mastery.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.