Privilege Escalation via $PATH Hijacking and SUID Binaries In this post, we’re diving into a classic privilege escalation trick that catches a lot of vulnerable systems (and beginner CTF players) off guard: abusing the $PATH environment variable to hijack execution flow in SUID binaries. If you’re not looking closely, it’s easy to miss. But once […]
winPEAS for Windows PrivEsc When you gain initial access on a Windows machine — whether through a low-privileged user shell, a foothold via Metasploit, or a reverse shell — the next step is often privilege escalation. One of the most powerful tools to automate and accelerate this process is winPEAS. This post covers: What is
Post-Compromise Enumeration on Linux Enumeration is the first step you take once you gain access to any system — and it never stops mattering. Whether you landed root via a juicy RCE or snuck in with a low-privileged shell, you now need to figure out where you are, what you have, and what you can
Linux Post-Compromise Enum Read More »
Windows Privileges: Understanding Windows privileges is crucial when targeting local escalation, persistence, and impersonation on Windows systems. This guide breaks down the core privileges in Windows, how they affect security, and how pentesters can abuse them to move from user to SYSTEM — or better. What Are Windows Privileges? Privileges are specific rights assigned to
Windows Privileges Read More »
Windows Access Tokens: Access tokens are at the core of how Windows manages identity and permissions. As a pentester, understanding how these tokens work — and more importantly, how to abuse them — gives you powerful tools for privilege escalation, lateral movement, and persistence. This guide breaks down all the important Windows access tokens, how
Windows Access Tokens Read More »
Linux Privilege Escalation: From Low-Priv to Root Enumeration First — Always Before you even think about privilege escalation, stop and assess the environment. Enumeration isn’t a step — it’s the foundation for everything that comes next. Privilege escalation on Linux is rarely about zero-day exploits. It’s about spotting misconfigurations, leftover credentials, poor permissions, and overlooked
Linux Privilege Escalation Read More »
