Adding a table of contents to my Ghost Blog
Linux PrivEsc – Services Running as Root
I picked up some Udemy courses on PrivEsc.
There are some accompanying exercises on TryHackMe.
Today's lesson, and it was something I already knew, but it was nice to get to exploit it in practice. It's making use of a service running as root. In this case, mysql. That's why it's considered bad practice to run any service as root.
CIS Benchmarks – Disable Unused Filesystems
These are usually standard practice, and I hear that a lot of these configurations are pretty stantard practice, but it's still good to know and understand, so you can have an idea of misconfigurations to look for when testing systems. It's nothing special, and isn't super-secret knowledge, but it's more knowledge nonetheless.
Check those out here. They are free.