Check Your Privilege (Escalation) - Kate Broussard BSides Columbus Ohio 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)
Check Your Privilege (Escalation)
Kate Broussard
BSides Columbus Ohio 2019

So you've managed to get a foothold into the web server, now what? Privilege escalation can be an intimidating process for those unfamiliar with Linux systems or advanced penetration testing techniques. Servers are often cluttered with utilities, backups, and files; how do you find your way through to a root shell? Where are the first places an attacker might look for exploitable vulnerabilities? In this workshop, participants will learn about common privilege escalation paths on Linux systems, including sticky bits, shell escapes, wildcard injections, and how to identify vulnerable services. The workshop will demonstrate several techniques for those looking to improve their security skills, with time for discussion afterward. The speaker will also make a vulnerable VM image available to participants who wish to practice further.

Kate Broussard (eWPT) is a Senior Security Analyst at Bishop Fox, where she focuses on application penetration testing, cryptography, and source code review. Her experience at Bishop Fox includes hybrid application assessments for Fortune 500 software companies and startups. Kate previously owned and operated a web application security consulting business, where she worked with small businesses to perform penetration testing for their websites. She also has extensive prior experience with web application development, including projects where she designed and developed instructional websites for university faculty. Additionally, Kate has extensive experience with software development lifecycle (SDLC) documentation. She holds a Master of Arts in Comparative Literature from the University of Texas at Austin.


Copyright 2020, IronGeek