Chapter 15 Further Reading
Linux Exploitation and Privilege Escalation
Essential References
GTFOBins
https://gtfobins.github.io/
The definitive curated list of Unix binaries exploitable through SUID, sudo, capabilities, and other mechanisms. Every penetration tester should bookmark this resource and consult it during every Linux engagement.

HackTricks - Linux Privilege Escalation
https://book.hacktricks.xyz/linux-hardening/privilege-escalation
A comprehensive, regularly updated guide covering nearly every Linux privilege escalation technique. Includes practical commands, explanations, and references to tools and exploits.

PayloadsAllTheThings - Linux Privilege Escalation
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md
An extensive cheat sheet organized by technique category. Particularly useful for quick reference during engagements.
Tools Documentation
LinPEAS (Linux Privilege Escalation Awesome Script)
https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS
Official repository with documentation, usage guides, and the latest version. LinPEAS is the standard automated enumeration tool for Linux systems.

pspy - Unprivileged Linux Process Snooping
https://github.com/DominicBreuker/pspy
Monitors processes without root privileges. Essential for discovering hidden cron jobs and scheduled tasks that are not visible in standard cron files.

Linux Smart Enumeration (LSE)
https://github.com/diego-treitos/linux-smart-enumeration
An alternative to LinPEAS that offers different verbosity levels and a cleaner output format for certain use cases.

Linux Exploit Suggester
https://github.com/mzet-/linux-exploit-suggester
Automatically correlates kernel versions with known kernel exploits. Essential for kernel vulnerability assessment.
Books
Linux Basics for Hackers by OccupyTheWeb (No Starch Press, 2018)
An excellent foundation for understanding Linux from an offensive security perspective. Covers the command line, networking, scripting, and security fundamentals needed before approaching privilege escalation.

The Linux Command Line by William Shotts (No Starch Press, 2019)
A thorough guide to the Linux command line that builds the foundational skills necessary for effective Linux enumeration and exploitation.

Penetration Testing by Georgia Weidman (No Starch Press, 2014)
Its chapters on Linux exploitation provide a practical, hands-on walkthrough of privilege escalation techniques in a lab environment.

How Linux Works by Brian Ward (No Starch Press, 3rd Edition, 2021)
A deep treatment of Linux internals, including processes, memory management, filesystems, and the kernel. This knowledge directly informs privilege escalation techniques.
Kernel Exploitation Deep Dives
Dirty COW (CVE-2016-5195) Technical Analysis
https://dirtycow.ninja/
The official Dirty COW page with technical details, proof-of-concept exploits, and links to patches.

Dirty Pipe (CVE-2022-0847) by Max Kellermann
https://dirtypipe.cm4all.com/
The discoverer's own writeup explaining the vulnerability, its root cause, and the exploitation mechanism. An excellent case study in kernel vulnerability research.

PwnKit (CVE-2021-4034) by Qualys
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
Qualys's official advisory with detailed technical analysis of the vulnerability and exploitation technique.
Container Security
Trail of Bits: Understanding Docker Container Escapes
https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/
A technical deep dive into Docker container escape mechanisms, including socket exposure, privileged containers, and kernel vulnerabilities.

NIST SP 800-190: Application Container Security Guide
https://csrc.nist.gov/publications/detail/sp/800-190/final
The authoritative government guide to container security, covering image security, registry security, orchestrator security, and host security.

Kubernetes Security Best Practices
https://kubernetes.io/docs/concepts/security/
The official Kubernetes documentation on security, including Pod Security Standards, RBAC, network policies, and secrets management.

Container Escape Techniques
https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation
HackTricks' comprehensive guide to container escape techniques, covering Docker, Kubernetes, and other container runtimes.
Practice Platforms
TryHackMe - Linux PrivEsc Room
https://tryhackme.com/room/linprivesc
A guided room covering all major Linux privilege escalation techniques with a purposefully vulnerable machine.

TryHackMe - Linux PrivEsc Arena
https://tryhackme.com/room/dvwa
Multiple privilege escalation challenges on a single machine, testing your ability to find and exploit various vectors.

HackTheBox - Linux Machines
https://www.hackthebox.com/
Regular releases of Linux machines with realistic privilege escalation challenges at various difficulty levels.

VulnHub - Lin.Security
https://www.vulnhub.com/entry/linsecurity-1,244/
A purposefully vulnerable Linux VM designed specifically for practicing privilege escalation techniques.

Offensive Security Proving Grounds
https://www.offensive-security.com/labs/
Practice machines aligned with OSCP certification content, including numerous Linux privilege escalation scenarios.
Defensive Resources
CIS Benchmarks for Linux
https://www.cisecurity.org/benchmark/distribution_independent_linux
Industry-standard hardening benchmarks for Linux systems. Apply these configurations to prevent the privilege escalation vectors covered in this chapter.

Linux Audit Framework (auditd)
https://linux-audit.com/
Comprehensive guide to Linux audit logging, including rules that detect privilege escalation enumeration and exploitation attempts.

Falco - Runtime Security
https://falco.org/
Open-source runtime security tool that detects anomalous activity in containers and Linux systems, including privilege escalation attempts.
Academic and Research Papers
"A Guide to Kernel Exploitation: Attacking the Core" by Enrico Perla and Massimiliano Oldani (Syngress, 2010)
Although dated, this book provides foundational knowledge about kernel exploitation techniques that remain relevant for understanding modern kernel vulnerabilities.

"ret2dir: Rethinking Kernel Isolation" by Vasileios Kemerlis et al. (USENIX Security, 2014)
Academic research on kernel exploitation techniques and isolation mechanisms.

"Understanding and Hardening Linux Containers" by NCC Group
https://research.nccgroup.com/2020/07/10/understanding-and-hardening-linux-containers/
An in-depth whitepaper on Linux container security, covering namespaces, cgroups, capabilities, and practical hardening advice.