Linux Flashcards
1
Q
Linux Privilege Escalation Techniques
A
- Kernel exploits
- Programs or services running as root - could allow you to execute a command
- Scripts running as root - maybe they're writable
- Vulnerable installed software
- Weak/reused/plaintext passwords
- SUID/SGID misconfiguration
- Abusing sudo rights
- World-writable scripts invoked by root
- Bad PATH configuration
- Cron jobs
- Unmounted filesystems
2
Q
What are the 5 steps of incident response?
A
- Preparation - policies, guidelines, exercises
- Detection and reporting - monitor, detect, alert, report
- Triage and analysis - endpoint analysis, binary analysis, log analysis
- Containment and neutralization - identify affected systems and shut them down, wipe infected devices, block requests from malicious IPs, etc.
- Post-incident activity - monitor, incident report