Linux privilege escalation checks for suspicious local state

13031 views

                  #!/usr/bin/env bash
set -euo pipefail

find / -perm -4000 -type f 2>/dev/null | sort
sudo -l
find /etc/systemd/system -type f -writable 2>/dev/null
getcap -r / 2>/dev/null

Privilege escalation detection is rarely one command. I look for unexpected SUID binaries, writable service units, dangerous sudo rules, and kernel or package drift. These checks are not glamorous, but they catch a lot of real misconfigurations that attackers abuse quickly.

Kai Nakamura

More from Kai Nakamura

Linux privilege escalation checks for suspicious local state

0 Comments

More from Kai Nakamura