Carlos Polop
Carlos Polop, Spanish, Telecommunications Engineer from the UPM, Master in Cybersecurity from the UC3M, OSCP, CRTP and OSWE.
I have worked as Pentester in PWC Spain, as Security Specialist in the Department of Defence of Spain, and I'm currently working as Senior Pentester in SEC-1 (Claranet) based in London.
I'm also a hackathon and CTF player (SirBroccoli on HackTheBox).
You can learn every trick I learn about cybersecurity in my web page: https://book.hacktricks.xyz/
Sessions
Local privilege escalation techniques are far beyond checking the Windows/Kernel version, looking for unquoted service paths or checking SUID binaries.
Moreover, a local privilege escalation could make a huge difference when trying to compromise a domain.
Several tools have been created to find possible privilege escalation paths, but most of the tools for Red Team and Pentesting just check for a few possible paths, so pentesters need to use several tools and do some manual recon to check for everything.
During this talk I will present a suite of open source privesc enumerators that I have created called PEASS (Privilege Escalation Awesome Scripts Suite). The goal of this suite is to check and highlight every possible privesc path so professionals don’t need to execute several different tools and can very easily find the vulnerabilities.
At the moment, this suite contains the most complete and user-friendly privesc enumerators for Windows (in .NET and bat) and Unix (Linux, MacOS, OpenBSD, FreeBSD).
Note that, regardless of the technical level of the audience, I’m sure that they will learn some new privilege escalation vector.