Linux Flashcards

1
Q

Linux Privilege Escalation Techniques

A

Kernel Exploits
Programs or services running as root - could allow you to execute a command
Scripts running as root user - maybe they’re writeable
Vulnerable installed software
Weak/reused/plaintext passwords
SUID/SGID misconfiguration
Abusing sudo rights
World writeable scripts invoked by root
Bad path configuration
Cron jobs
Unmounted filesystems

2
Q

What are the 5 steps of incident response?

A
  1. Preparation - policies, guidelines, exercises
  2. Detection and reporting - monitor, detect, alert, report
  3. Triage and Analysis - endpoint analysis, binary analysis, analyze logs
  4. Containment and neutralization - identify affected systems and shut down, wipe infected devices, block requests from malicious IPs, etc.
  5. Post-incident activity - monitor, incident report