Privilege Escalation (September 2025)
A privilege escalation course teaches cybersecurity professionals and ethical hackers how attackers exploit vulnerabilities to elevate their access in Linux and Windows systems, covering both vertical (user-to-admin) and horizontal (peer-to-peer) privilege escalation methods. Learners gain practical skills for manually and …
A privilege escalation course teaches cybersecurity professionals and ethical hackers how attackers exploit vulnerabilities to elevate their access in Linux and Windows systems, covering both vertical (user-to-admin) and horizontal (peer-to-peer) privilege escalation methods. Learners gain practical skills for manually and automatically enumerating systems, identifying weak configurations, leveraging common exploits, and defending against these threats using real-world techniques and popular security tools.
Course Description
-
The course covers the core concepts of privilege escalation, focusing on how attackers move from basic user accounts to privileged access.
-
It explains vertical escalation (gaining admin rights) and horizontal escalation (accessing peer user accounts), with practical examples on both Linux and Windows platforms.
-
Students learn hands-on manual enumeration techniques (e.g., inspecting user, service, and kernel details), automated vulnerability scanning with specialized tools, and methods to exploit system weaknesses.
-
Topics include kernel exploits, misconfigurations, password mining, registry attacks, scheduled task abuse, and techniques for persistence, impersonation, and post-exploitation activities.
-
The course also teaches defensive strategies, including system hardening, proper configuration, monitoring and detection, and deploying auditing tools to safeguard against escalation attacks.
This course gives learners comprehensive, hands-on knowledge of privilege escalation techniques and defenses, preparing them for security assessments, penetration testing, and real-world incident response scenarios.
Here is a structured outline for a course on Privilege Escalation covering both Linux and Windows environments, based on current security training standards and the details you provided.
Module 1: Introduction to Privilege Escalation
-
Overview of privilege escalation and its impact on security.
-
Types: vertical vs. horizontal privilege escalation.
-
Real-world attack scenarios in penetration testing and ethical hacking.
Module 2: Manual Enumeration
-
User and group enumeration.
-
Operating system and kernel version discovery.
-
Network, application, and service enumeration.
-
Home directory analysis and file permissions review.
Module 3: Automated Enumeration & Vulnerability Scanning
-
Usage of tools: LinPEAS, PowerUp, Sherlock, GTFOBins, Linux/Windows Exploit Suggester.
-
Vulnerability scanning: Nmap, Nessus, OpenVAS.
-
Identification of kernel/service vulnerabilities and misconfigurations.
Module 4: Exploiting Linux Privilege Escalation Vulnerabilities
-
Kernel and service exploits.
-
SUID/SGID binaries and abusing the PATH variable.
-
Password mining, cracking, and shell escape sequences.
-
Exploiting misconfigured cron jobs and systemd timers.
Module 5: Exploiting Windows Privilege Escalation Vulnerabilities
-
Windows kernel exploits and service misconfigurations.
-
Registry and credential extraction, e.g., using Mimikatz.
-
Exploiting scheduled tasks and startup applications.
-
Impersonation, token theft, and pass-the-hash/ticket attacks.
Module 6: Advanced Techniques
-
Linux NFS root squash bypass strategies.
-
Windows NTLM/Kerberos and “potato” impersonation attacks.
-
Living off the Land (using built-in OS tools) and stealthy persistence.
Module 7: Defensive Measures
-
Hardening Linux: AppArmor, SELinux, secure sudo, auditing, and patch management.
-
Hardening Windows: UAC, disabling vulnerable services, group policy enforcement, Defender, BitLocker.
-
Monitoring and detection: SIEM solutions, audit trails, IDS/IPS deployment.
Module 8: Hands-On Labs & Assessment
-
Real-world lab scenarios for both Linux and Windows privilege escalation.
-
Practical skills assessment to validate knowledge and techniques.
- 2 Sections
- 8 Lessons
- 10 Weeks
- File Transfer5
- Linux Privilege Escalation3
You might be intersted in
-
86 Students
-
10 Weeks
-
88 Students
-
24 Weeks