Adversaries frequently use unprivileged access to enter and browse a network, but they need privileged access to complete their tasks. In this course, you will learn privilege escalation using the PEASS-NG suite.
Manually looking for privilege escalation paths can become a timely activity. Sometimes you may miss misconfigurations that are easily exploitable and at times you may not be looking at all possibilities. In this course, Privilege Escalation with PEASS-NG, you’ll cover how to utilize WinPEAS and LinPEAS to execute privilege escalation in a red team environment. First, you’ll explore using LinPEAS to discover excessive permissions related to SETUID/SETGID. Next, you’ll apply WinPEAS to discover dll’s that can be exploited. Finally, you’ll simulate the task of finding valuable registry keys which enable you to install services with elevated permissions. When you’re finished with this course, you’ll have the skills and knowledge to execute these techniques [T1548.001, T1055.001, T1547.001] using the PEASS-NG suite. More importantly, knowing how these techniques can be used against you, will ultimately lend to your ability as an organization, or an individual, to detect and defend against specific attack vectors.
Manually looking for privilege escalation paths can become a timely activity. Sometimes you may miss misconfigurations that are easily exploitable and at times you may not be looking at all possibilities. In this course, Privilege Escalation with PEASS-NG, you’ll cover how to utilize WinPEAS and LinPEAS to execute privilege escalation in a red team environment. First, you’ll explore using LinPEAS to discover excessive permissions related to SETUID/SETGID. Next, you’ll apply WinPEAS to discover dll’s that can be exploited. Finally, you’ll simulate the task of finding valuable registry keys which enable you to install services with elevated permissions. When you’re finished with this course, you’ll have the skills and knowledge to execute these techniques [T1548.001, T1055.001, T1547.001] using the PEASS-NG suite. More importantly, knowing how these techniques can be used against you, will ultimately lend to your ability as an organization, or an individual, to detect and defend against specific attack vectors.