Privilege Escalation (September 2025)
A privilege escalation course teaches cybersecurity professionals and ethical hackers how attackers exploit vulnerabilities to elevate their access in Linux and Windows systems, covering both vertical (user-to-admin) and horizontal (peer-to-peer) privilege escalation methods. Learners gain practical skills for manually and …
A privilege escalation course teaches cybersecurity professionals and ethical hackers how attackers exploit vulnerabilities to elevate their access in Linux and Windows systems, covering both vertical (user-to-admin) and horizontal (peer-to-peer) privilege escalation methods. Learners gain practical skills for manually and automatically enumerating systems, identifying weak configurations, leveraging common exploits, and defending against these threats using real-world techniques and popular security tools.
Course Description
-
The course covers the core concepts of privilege escalation, focusing on how attackers move from basic user accounts to privileged access.
-
It explains vertical escalation (gaining admin rights) and horizontal escalation (accessing peer user accounts), with practical examples on both Linux and Windows platforms.
-
Students learn hands-on manual enumeration techniques (e.g., inspecting user, service, and kernel details), automated vulnerability scanning with specialized tools, and methods to exploit system weaknesses.
-
Topics include kernel exploits, misconfigurations, password mining, registry attacks, scheduled task abuse, and techniques for persistence, impersonation, and post-exploitation activities.
-
The course also teaches defensive strategies, including system hardening, proper configuration, monitoring and detection, and deploying auditing tools to safeguard against escalation attacks.
This course gives learners comprehensive, hands-on knowledge of privilege escalation techniques and defenses, preparing them for security assessments, penetration testing, and real-world incident response scenarios.
Here is a structured outline for a course on Privilege Escalation covering both Linux and Windows environments, based on current security training standards and the details you provided.
Module 1: Introduction to Privilege Escalation
-
Overview of privilege escalation and its impact on security.
-
Types: vertical vs. horizontal privilege escalation.
-
Real-world attack scenarios in penetration testing and ethical hacking.
Module 2: Manual Enumeration
-
User and group enumeration.
-
Operating system and kernel version discovery.
-
Network, application, and service enumeration.
-
Home directory analysis and file permissions review.
Module 3: Automated Enumeration & Vulnerability Scanning
-
Usage of tools: LinPEAS, PowerUp, Sherlock, GTFOBins, Linux/Windows Exploit Suggester.
-
Vulnerability scanning: Nmap, Nessus, OpenVAS.
-
Identification of kernel/service vulnerabilities and misconfigurations.
Module 4: Exploiting Linux Privilege Escalation Vulnerabilities
-
Kernel and service exploits.
-
SUID/SGID binaries and abusing the PATH variable.
-
Password mining, cracking, and shell escape sequences.
-
Exploiting misconfigured cron jobs and systemd timers.
Module 5: Exploiting Windows Privilege Escalation Vulnerabilities
-
Windows kernel exploits and service misconfigurations.
-
Registry and credential extraction, e.g., using Mimikatz.
-
Exploiting scheduled tasks and startup applications.
-
Impersonation, token theft, and pass-the-hash/ticket attacks.
Module 6: Advanced Techniques
-
Linux NFS root squash bypass strategies.
-
Windows NTLM/Kerberos and “potato” impersonation attacks.
-
Living off the Land (using built-in OS tools) and stealthy persistence.
Module 7: Defensive Measures
-
Hardening Linux: AppArmor, SELinux, secure sudo, auditing, and patch management.
-
Hardening Windows: UAC, disabling vulnerable services, group policy enforcement, Defender, BitLocker.
-
Monitoring and detection: SIEM solutions, audit trails, IDS/IPS deployment.
Module 8: Hands-On Labs & Assessment
-
Real-world lab scenarios for both Linux and Windows privilege escalation.
-
Practical skills assessment to validate knowledge and techniques.
- 3 Sections
- 54 Lessons
- 10 Weeks
- File Transfer5
- Linux Privilege Escalation24
- 2.1Linux Privilege Escalation1 Hour
- 2.2Linux System & Kernel Enumeration Commands1 Hour
- 2.3Network Interfaces and Configuration Enumeration1 Hour
- 2.4Linux Applications & Services Enumeration1 Hour
- 2.5pspy – unprivileged Linux process snooping1 Hour
- 2.6Password Mining1 Hour
- 2.7Configuration Files1 Hour
- 2.8Identifying Backup Files on Linux1 Hour
- 2.9Critical Linux System File Permissions1 Hour
- 2.10Finding Files and Directories with Special or Insecure Permissions1 Hour
- 2.11SUID Privilege Escalation1 Hour
- 2.12Custom SUID Exploit1 Hour
- 2.13Path Hijacking Path Abusing1 Hour
- 2.14Spawning Root Access via Sudo Privilege Escalation1 Hour
- 2.15Common Root Spawn Commands1 Hour
- 2.16Sudo Custom Binaries Scripts Privilege Escalation1 Hour
- 2.17LD_PRELOAD Privilege Escalation via Misconfigured sudo1 Hour
- 2.18Linux Capabilities1 Hour
- 2.19Cron Jobs & Systemd Timers in Linux1 Hour
- 2.20Cron (Wildcards) – Wildcard Injection (* Expansion)1 Hour
- 2.21Systemd and Systemd Timers1 Hour
- 2.22NFS Root Squashing1 Hour
- 2.23MySQL User-Defined Function (UDF) Exploitation1 Hour
- 2.24Linux Privilege Escalation Enumeration and Analysis Tools1 Hour
- Windows Privilege Escalation25
- 3.1Windows Privilege Escalation1 Hour
- 3.2Windows Shell1 Hour
- 3.3Windows Basic Commands1 Hour
- 3.4Copying Files and Folders in Windows1 Hour
- 3.5Changing File and Folder Attributes Using ATTRIB1 Hour
- 3.6File Permissions with CACLS1 Hour
- 3.7Windows Booting Files1 Hour
- 3.8User Management Commands1 Hour
- 3.9Add User to Administrators1 Hour
- 3.10WMIC Commands1 Hour
- 3.11Service Controller Utility Commands1 Hour
- 3.12Windows Registry1 Hour
- 3.13Managing the Windows Registry from Command Prompt1 Hour
- 3.14Alternate Data Streams (ADS)1 Hour
- 3.15PowerShell Commands1 Hour
- 3.16CMD Commands in PowerShell1 Hour
- 3.17Windows Privilege Escalation1 Hour
- 3.18Windows Kernel Exploits1 Hour
- 3.19MS10-059 – Vulnerabilities in the Tracing Feature for Services1 Hour
- 3.20Windows Certificate Dialog Elevation of Privilege Vulnerability (CVE-2019-1388)1 Hour
- 3.21Password Mining1 Hour
- 3.22Mounting VHD and VHDX Files1 Hour
- 3.23Unattended Install Files (Cleartext Passwords)1 Hour
- 3.24Web Configuration Files and Sensitive Data Discovery1 Hour
- 3.25PowerShell Command History1 Hour
You might be intersted in
-
45 Students
-
20 Weeks
-
84 Students
-
15 Weeks
-
30 Students
-
3 Hours
-
80 Students
-
24 Weeks