Privilege Escalation Techniques

Learn the art of exploiting Windows and Linux systems

Alexis Ahmed

BIRMINGHAM—MUMBAI

Privilege Escalation Techniques

Copyright © 2021 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Vijin Boricha

Publishing Product Manager: Vijin Boricha

Senior Editor: Shazeen Iqbal

Content Development Editor: Romy Dias

Technical Editor: Shruthi Shetty

Copy Editor: Safis Editing

Project Coordinator: Shagun Saini

Proofreader: Safis Editing

Indexer: Manju Arasan

Production Designer: Prashant Ghare

First published: October 2021

Production reference: 1061021

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80107-887-0

www.packt.com

In loving memory of my late grandfather.

Contributors

About the author

Alexis Ahmed is an experienced penetration tester and security researcher with over 7 years of experience in the cybersecurity industry. He started off his career as a Linux system administrator and soon discovered a passion and aptitude for security and transitioned into a junior penetration tester. In 2017, he founded HackerSploit, a cybersecurity consultancy that specializes in penetration testing and security training, where he currently works as a senior penetration tester and trainer.

Alexis has multiple cybersecurity certifications, ranging from the CEH and Sec+ to OSCP, and is a certified ISO 27001 associate. He is also an experienced DevSecOps engineer and helps companies secure their Docker infrastructure.

I would like to thank my family for giving me the space and support I've needed to write this book, even while the COVID-19 global pandemic was raging around us. I would like to thank the entire Packt editing team, which has helped, guided, and encouraged me during this process, and I'd like to give special thanks to Romy Dias, who edited most of my work, and Andy Portillo, who helped me with the technical aspects of the book.

About the reviewer

Andy Portillo (n3t1nv4d3) holds an MS in information assurance and cybersecurity. He holds several certifications ranging from Offensive Security's OSCP and OSWP to Pentester Academy's CRTE and CARTP, ISC² CISSP, SANS GWAPT, and GEVA, and ISACA's CISA and CDPSE. Andy has 8 years of experience in a wide range of information security disciplines and has industry experience in finance, payment cards, and academia. His career started as a network engineer before gaining extensive information security experience through roles including IS analyst and penetration tester, and he is currently working as a manager in a SecOps (vapt) team and lecturer at the University of Southern California. Above all the previously stated, he is a father, husband, and hacker!

To my wife and kids, thank you for your understanding and patience with me as I continue down my ever-growing learning paths and venture into a multitude of information security areas – working, teaching, studying, and now reviewing books.