Things I learned today -- 11.14.20

Adding a table of contents to my Ghost Blog

I learned how to add a table of contents to my blog posts. I used this guide.

Linux PrivEsc – Services Running as Root

I picked up some Udemy courses on PrivEsc.

There are some accompanying exercises on TryHackMe.

Today's lesson, and it was something I already knew, but it was nice to get to exploit it in practice. It's making use of a service running as root. In this case, mysql. That's why it's considered bad practice to run any service as root.

CIS Benchmarks – Disable Unused Filesystems

These are usually standard practice, and I hear that a lot of these configurations are pretty stantard practice, but it's still good to know and understand, so you can have an idea of misconfigurations to look for when testing systems. It's nothing special, and isn't super-secret knowledge, but it's more knowledge nonetheless.

Check those out here. They are free.