Tagged articles

73 articles

Page 1 of 1

May 28, 2026 · Information Security

12‑Byte Syscall in Browser Sandbox Grants SYSTEM on Windows (CVE‑2026‑40369 PoC)

The article details CVE‑2026‑40369, a Windows kernel flaw in ExpGetProcessInformation where a zero‑length buffer bypasses ProbeForWrite, allowing a browser sandbox process to write arbitrary kernel memory with a 12‑byte syscall, leading to a deterministic, fully‑reliable privilege‑escalation chain that grants SYSTEM without race conditions, and discusses detection and mitigation.

CVE-2026-40369NtQuerySystemInformationWindows kernel

0 likes · 11 min read

12‑Byte Syscall in Browser Sandbox Grants SYSTEM on Windows (CVE‑2026‑40369 PoC)

Black & White Path

May 27, 2026 · Information Security

Five AD Permission Misconfigurations That Let Attackers Escalate to Domain Admin Without Exploits

The article explains how misconfigured Active Directory DACL entries enable five distinct privilege‑escalation paths—ForceChangePassword, FullControl on Domain Admins, DCSync, WriteMembers, and GUID‑based ACE writes—demonstrating each step with impacket commands, showing detection events, and offering concrete defense recommendations.

Active DirectoryBloodHoundDACL

0 likes · 17 min read

Five AD Permission Misconfigurations That Let Attackers Escalate to Domain Admin Without Exploits

Black & White Path

May 6, 2026 · Information Security

Inside RegPwn (CVE‑2026‑24291): How a Simple Lock‑Screen Race Condition Grants SYSTEM Access

CVE‑2026‑24291, dubbed RegPwn, exploits a race condition in the Windows ATConfig mechanism that lets a standard user create a registry symbolic link, trigger a lock‑screen transition, and silently elevate to SYSTEM, affecting multiple Windows 10, 11, and Server releases until patched in March 2026.

ATBrokerCVE-2026-24291Detection

0 likes · 15 min read

Inside RegPwn (CVE‑2026‑24291): How a Simple Lock‑Screen Race Condition Grants SYSTEM Access

Black & White Path

May 4, 2026 · Information Security

Critical Vulnerabilities Discovered in Apache OpenNLP, Including XXE Injection

Three high‑severity CVEs affecting Apache OpenNLP (up to version 2.5.8 and 3.0.0‑M2) enable denial‑of‑service, privilege escalation, and XXE attacks, allowing attackers to crash services, gain higher privileges, or read arbitrary files, and the article outlines mitigation steps.

Apache OpenNLPCVEDoS

0 likes · 5 min read

Critical Vulnerabilities Discovered in Apache OpenNLP, Including XXE Injection

ITPUB

May 3, 2026 · Information Security

8 Essential Windows Privilege‑Escalation Techniques Every Security Analyst Should Know

This guide walks through eight practical Windows privilege‑escalation methods—including manual system and user enumeration, automated tools such as WinPEAS and PowerUp, kernel exploits, WSL abuse, token impersonation, credential harvesting, scheduled‑task abuse, and weak‑service exploitation—providing step‑by‑step commands, code snippets, and real‑world Hack The Box examples.

Kernel ExploitPowerUpToken Impersonation

0 likes · 19 min read

8 Essential Windows Privilege‑Escalation Techniques Every Security Analyst Should Know

Black & White Path

May 3, 2026 · Information Security

DeepSeek + Claude Code Reproduce CVE‑2026‑31431 Linux ‘Copy Fail’ Privilege Escalation

The author demonstrates how a human‑provided prompt combined with DeepSeek v4 Pro and Claude Code can autonomously audit the Linux 6.12 crypto subsystem, locate the CVE‑2026‑31431 “Copy Fail” privilege‑escalation bug, and validate the full exploit chain in four iterative dialogues costing less than three dollars.

AI auditingCVE-2026-31431Claude Code

0 likes · 16 min read

DeepSeek + Claude Code Reproduce CVE‑2026‑31431 Linux ‘Copy Fail’ Privilege Escalation

Black & White Path

Apr 30, 2026 · Information Security

Linux Kernel’s ‘Copy Fail’ CVE‑2026‑31431: A 732‑Byte Python Script Grants Root in One Step

A newly disclosed Linux kernel vulnerability (CVE‑2026‑31431, dubbed “Copy Fail”) allows an unprivileged user to execute a 732‑byte Python script that writes four controllable bytes into the page cache, directly modifying /usr/bin/su to obtain root, affecting all kernels from 2017 to the patch release and posing severe risks such as container escape and cloud‑tenant isolation breaches.

CVE-2026-31431Linuxcontainer escape

0 likes · 11 min read

Linux Kernel’s ‘Copy Fail’ CVE‑2026‑31431: A 732‑Byte Python Script Grants Root in One Step

MaGe Linux Operations

Apr 17, 2026 · Information Security

Master Linux Privilege Escalation: Risks, Exploits, and Hardening Guide

This comprehensive guide explains the most common Linux privilege‑escalation vectors—including unsafe SUID binaries, sudo misconfigurations, cron jobs, password and SSH‑key leaks, kernel vulnerabilities, container escapes, and file‑permission flaws—while providing concrete detection commands and practical hardening steps for each risk.

BashHardeningLinux security

0 likes · 23 min read

Master Linux Privilege Escalation: Risks, Exploits, and Hardening Guide

Black & White Path

Apr 15, 2026 · Information Security

CVE-2025-2563: How Pre‑4.1.2 WordPress Registration Plugins Enable Privilege Escalation

CVE-2025-2563 affects WordPress installations prior to version 4.1.2 where user registration and membership plugins, when the membership add‑on is enabled, fail to block role assignment, allowing unauthenticated users to elevate themselves to administrator privileges.

CVE-2025-2563Security VulnerabilityWordPress

0 likes · 1 min read

CVE-2025-2563: How Pre‑4.1.2 WordPress Registration Plugins Enable Privilege Escalation

Black & White Path

Apr 6, 2026 · Information Security

How a 2026 Windows Kernel Bug in afd.sys Escapes the Sandbox and Takes Over the System

The article dissects CVE‑2026‑21236 in the legacy afd.sys driver, showing how an integer‑overflow in AfdBind lets attackers obtain a raw device handle, bypass KASLR, manipulate kernel structures like EPROCESS and KTHREAD, and silently elevate a process to SYSTEM privileges.

CVE-2026-21236KASLR bypassVBS

0 likes · 6 min read

How a 2026 Windows Kernel Bug in afd.sys Escapes the Sandbox and Takes Over the System

NiuNiu MaTe

Mar 16, 2026 · Information Security

Is OpenClaw Safe? Inside the Massive AI Agent Security Crisis

OpenClaw, the popular AI agent with over 300,000 GitHub stars, harbors severe security flaws—including 512 vulnerabilities, malicious skill injections, and an exposed backend—allowing attackers to execute commands, steal credentials, and hijack systems; this article outlines the four main threat vectors and practical steps to mitigate them.

AI securityOpenClawSupply Chain Attack

0 likes · 9 min read

Is OpenClaw Safe? Inside the Massive AI Agent Security Crisis

Black & White Path

Mar 12, 2026 · Information Security

AuthKit: A Burp Suite Plugin for Automated Privilege‑Escalation Detection

AuthKit is a Burp Suite extension that expands a single request into Original, Unauthorized and multiple‑role samples to uncover unauthorized access, horizontal and vertical privilege escalation, and BOLA issues, offering passive capture, right‑click active testing, multi‑identity replay, metric dashboards, diff views, context‑menu integration, and flexible scope controls.

AuthKitBOLABurp Suite

0 likes · 3 min read

AuthKit: A Burp Suite Plugin for Automated Privilege‑Escalation Detection

Linux Tech Enthusiast

Mar 11, 2026 · Operations

What’s the Difference Between Linux su and sudo Commands?

The article explains how the Linux su command switches user identities using the root password, while sudo lets regular users run privileged commands with their own password, comparing their usage, security, logging, permission scope, and suitable scenarios.

LinuxSudoprivilege escalation

0 likes · 6 min read

What’s the Difference Between Linux su and sudo Commands?

Black & White Path

Mar 7, 2026 · Information Security

How I Uncovered Multiple Vulnerabilities in My Alma Mater’s Campus App

The article details an authorized penetration test of a university campus app, revealing sensitive data leakage, horizontal and vertical privilege escalation, face‑photo tampering, and a stored XSS flaw, each demonstrated step‑by‑step with packet captures and screenshots.

information leakagemobile app securitypenetration testing

0 likes · 6 min read

How I Uncovered Multiple Vulnerabilities in My Alma Mater’s Campus App

Black & White Path

Feb 25, 2026 · Information Security

100 Essential Commands for Internal Network Penetration Testing

This guide compiles 100 high‑frequency native commands for Windows and Linux that cover internal network reconnaissance, host discovery, lateral movement, privilege escalation, domain enumeration, file searching, log cleaning and persistence, providing a practical reference for security professionals conducting penetration tests.

Command LineLinuxNetwork Reconnaissance

0 likes · 13 min read

100 Essential Commands for Internal Network Penetration Testing

Black & White Path

Feb 24, 2026 · Information Security

Common Privilege‑Escalation Vulnerabilities in Penetration Testing

This article systematically details the most frequently encountered privilege‑escalation flaws in penetration testing, covering Windows service misconfigurations, registry hijacking, kernel exploits, DLL hijacking, Linux SUID/SGID abuse, sudo misconfigurations, cron abuse, writable passwd files, and Docker escape techniques, along with step‑by‑step exploitation procedures and defensive recommendations.

CVELinuxSUID

0 likes · 29 min read

Common Privilege‑Escalation Vulnerabilities in Penetration Testing

Black & White Path

Feb 22, 2026 · Information Security

30 Practical Web Penetration Testing Techniques You Must Know

This guide walks through 30 hands‑on web penetration testing techniques covering the full workflow—from information gathering and vulnerability discovery to privilege escalation, internal network pivoting, and defense evasion—providing concrete commands, tool recommendations, and real‑world tips for security engineers and testers.

Information GatheringWeb Securitydefense evasion

0 likes · 26 min read

30 Practical Web Penetration Testing Techniques You Must Know

Black & White Path

Feb 19, 2026 · Information Security

How AI Cracks AWS in Under 8 Minutes, Rendering Cloud Defenses Useless

A Sysdig report shows that attackers using large language models can steal credentials, elevate privileges, move laterally across 19 AWS accounts, hijack Amazon Bedrock models, and abuse GPU resources—all within eight minutes, leaving traditional cloud defenses with virtually no response window.

AIGPU abuseLLM

0 likes · 6 min read

How AI Cracks AWS in Under 8 Minutes, Rendering Cloud Defenses Useless

Ops Development & AI Practice

Oct 4, 2025 · Information Security

Securing Payment Flows: Prevent Privilege Escalation with Webhooks and Queues

This article explains how to design a secure payment‑to‑business‑logic workflow by separating concerns, verifying webhook signatures, using message queues for asynchronous processing, and applying privilege‑escalation safeguards such as service accounts, idempotency, and network isolation.

Golangpaymentprivilege escalation

0 likes · 14 min read

Securing Payment Flows: Prevent Privilege Escalation with Webhooks and Queues

Ops Community

Sep 18, 2025 · Information Security

Essential Linux Security: Common Vulnerabilities and Practical Defense Strategies

This guide walks you through the most critical Linux security flaws—from privilege‑escalation and misconfigured sudo to SSH, web server, kernel, and container risks—offering concrete hardening steps, logging practices, firewall rules, incident‑response procedures, and compliance tips to build a resilient production environment.

Container SecurityIncident ResponseLinux security

0 likes · 16 min read

Essential Linux Security: Common Vulnerabilities and Practical Defense Strategies

Wukong Talks Architecture

Sep 1, 2025 · Information Security

Boost Web Privilege Testing with the XiaYue Burp Suite Plugin

XiaYue, a powerful Burp Suite extension, automates vertical and horizontal privilege escalation detection by comparing responses across multiple permission levels, offering smart deduplication, advanced filtering, parameter replacement, visual data tables, persistent configuration, and performance optimizations, while the author also shares a heartfelt story about their child's school start.

Burp SuiteVulnerability DetectionWeb Security

0 likes · 9 min read

Boost Web Privilege Testing with the XiaYue Burp Suite Plugin

Open Source Linux

Jul 7, 2025 · Information Security

Critical Linux sudo Vulnerability (CVE‑2025‑32463) Enables Root Privilege Escalation

Borncity reported on July 1 that a critical sudo vulnerability (CVE‑2025‑32463) in Linux, caused by mishandling of /etc/nsswitch.conf and flawed options like –host, –h and –chroot, –R, can allow attackers to execute arbitrary code and elevate privileges to root, affecting sudo versions 1.9.14‑1.9.17.

CVE-2025-32463LinuxSecurity Vulnerability

0 likes · 2 min read

Critical Linux sudo Vulnerability (CVE‑2025‑32463) Enables Root Privilege Escalation

Raymond Ops

Apr 15, 2025 · Information Security

How to Exploit Docker for Linux Privilege Escalation – A Step‑by‑Step Guide

This article walks through Docker privilege escalation techniques on Linux, covering Docker basics, permission discovery, manual and automated enumeration with LinPEAS, and three practical breakout scenarios—including abusing Docker group rights, escaping privileged containers, and breaking out of non‑privileged containers using SUID binaries and release_agent attacks.

Container SecurityDockerLinPEAS

0 likes · 25 min read

How to Exploit Docker for Linux Privilege Escalation – A Step‑by‑Step Guide

Raymond Ops

Mar 28, 2025 · Information Security

Uncover Hidden Passwords on Linux: From File Scans to Hash Cracking

This guide walks you through systematic Linux password hunting techniques—including searching filenames, scanning file contents, extracting credentials from web and config files, cracking hashes with Hashcat and John, leveraging hidden files, MySQL databases, backup archives, and automating discovery with LinPEAS—to elevate privileges and gain full root access.

HashcatJohn the RipperLinux

0 likes · 30 min read

Uncover Hidden Passwords on Linux: From File Scans to Hash Cracking

Linux Kernel Journey

Nov 7, 2024 · Information Security

Using eBPF to Protect, Detect, and Audit Malicious eBPF Programs

The article analyzes how attackers can abuse eBPF to steal data, elevate privileges, execute commands, and hide processes, then presents concrete eBPF code for such attacks and outlines practical protection, detection, and auditing techniques—including file analysis, bpftool usage, and kernel tracing—to mitigate these threats.

Kernel SecuritybpftooleBPF

0 likes · 27 min read

Using eBPF to Protect, Detect, and Audit Malicious eBPF Programs

Liangxu Linux

Oct 24, 2024 · Information Security

Master Linux Password Hunting: From File Names to Hash Cracking with Hashcat & John

This guide walks through systematic techniques for locating passwords on a compromised Linux host—including searching file names, file contents, hidden directories, web configuration files, MySQL databases, backup folders, and encrypted archives—while demonstrating how to crack discovered hashes using Hashcat, John the Ripper, and LinPEAS.

HashcatJohn the RipperLinPEAS

0 likes · 27 min read

Master Linux Password Hunting: From File Names to Hash Cracking with Hashcat & John

Linux Code Review Hub

Oct 24, 2024 · Information Security

Practical eBPF Security: Auditing and Intercepting Privilege‑Escalation Operations

The article explains how attackers exploit SUID binaries for privilege escalation and demonstrates how to use eBPF LSM hooks (file_open, bprm_check_security) and Kprobe tracing to audit such operations, then shows how to block them by returning error codes while exempting root users.

AuditingInterceptionKprobe

0 likes · 9 min read

Practical eBPF Security: Auditing and Intercepting Privilege‑Escalation Operations

Efficient Ops

Oct 14, 2024 · Operations

Mastering su vs sudo: When and How to Switch Users on Linux

This guide clarifies the differences between the Linux commands su and sudo, explains their options and effects on the shell environment, shows how to create and manage users, edit the sudoers file, and choose the appropriate method for secure privilege escalation.

LinuxSudoUser Management

0 likes · 14 min read

Mastering su vs sudo: When and How to Switch Users on Linux

Huolala Tech

Sep 17, 2024 · Information Security

How to Automate Logic Vulnerability Detection with DAST, IAST, and API Analysis

This article outlines the background of logic vulnerabilities, compares SAST/IAST/DAST techniques, presents a comprehensive detection architecture with API traffic capture, token collection, fuzzy‑hash response comparison, API deduplication, and discusses challenges such as public API false positives and automation gaps.

API SecurityDASTIAST

0 likes · 16 min read

How to Automate Logic Vulnerability Detection with DAST, IAST, and API Analysis

MaGe Linux Operations

Jun 30, 2024 · Information Security

How to Break Out of Docker Containers and Gain Root Access on Linux

This tutorial walks through Docker privilege‑escalation techniques, showing how to enumerate Docker permissions, exploit docker group membership, use GTFOBins and LinPEAS, and break out of both privileged and non‑privileged containers to obtain a root shell on the host.

Container SecurityDockerLinux

0 likes · 25 min read

How to Break Out of Docker Containers and Gain Root Access on Linux

Aikesheng Open Source Community

Mar 19, 2024 · Information Security

Risks of Granting MySQL Authentication Table Permissions and How to Mitigate Them

The article explains how granting ordinary MySQL users full access to authentication tables can lead to severe privilege‑escalation risks, demonstrates the issue with concrete scenarios, and provides mitigation strategies including the use of MySQL 8.0 partial revokes and the principle of least privilege.

Access ControlInformation SecurityPartial Revokes

0 likes · 9 min read

Risks of Granting MySQL Authentication Table Permissions and How to Mitigate Them

Liangxu Linux

Mar 7, 2024 · Information Security

How Windows Is Bringing Linux‑Style sudo to Its Command Line

Windows 11 Insider builds are adding a native sudo command that lets users elevate individual commands with familiar Linux‑style privilege management, offering finer‑grained control than the traditional "Run as administrator" option while reflecting Microsoft's growing embrace of Linux technologies.

Linux compatibilitySudoSystem Administration

0 likes · 6 min read

How Windows Is Bringing Linux‑Style sudo to Its Command Line

21CTO

Sep 20, 2023 · Information Security

How ncurses Environment Variable Bugs Can Escalate Privileges on macOS and Linux

The recent discovery of CVE‑2023‑29491 reveals that the long‑standing ncurses library contains environment‑variable poisoning flaws that allow attackers to gain elevated privileges on macOS and Linux systems, prompting urgent updates and mitigation guidance.

CVE-2023-29491Security Vulnerabilityenvironment variable poisoning

0 likes · 6 min read

How ncurses Environment Variable Bugs Can Escalate Privileges on macOS and Linux

MaGe Linux Operations

Aug 12, 2023 · Operations

su vs sudo: Which Linux Privilege Command Should You Use?

This article explains the differences between the Linux su and sudo commands, covering how each switches user identity, their security implications, permission scopes, logging behavior, usage methods, and ideal scenarios to help you choose the right tool for privileged operations.

LinuxSudoSystem Administration

0 likes · 6 min read

su vs sudo: Which Linux Privilege Command Should You Use?

Open Source Linux

Jul 31, 2023 · Operations

When to Use su vs sudo: Choosing the Right Linux Privilege Command

This article compares the Linux su and sudo commands, explaining how each works, their security implications, logging behavior, usage differences, and ideal scenarios, helping users choose the appropriate tool for switching users or executing privileged operations.

LinuxSudoprivilege escalation

0 likes · 6 min read

When to Use su vs sudo: Choosing the Right Linux Privilege Command

Java Architect Essentials

May 26, 2023 · Information Security

Step‑by‑Step WordPress Site Penetration Testing Tutorial

This tutorial walks beginners through the entire process of compromising a WordPress website, from initial information gathering and DNS enumeration to vulnerability scanning, exploitation with tools like sqlmap and nmap, privilege escalation, and establishing persistent backdoors.

Information SecuritySQLMapWebshell

0 likes · 10 min read

Step‑by‑Step WordPress Site Penetration Testing Tutorial

MaGe Linux Operations

May 21, 2023 · Information Security

Step‑by‑Step Webshell Upload and Kernel Privilege Escalation on Ubuntu 16.04

This tutorial walks through setting up an Ubuntu 16.04 vulnerable environment, gathering information, uploading a webshell via MySQL into outfile or log injection, establishing a reverse shell with Metasploit, and finally exploiting CVE‑2021‑4034 for kernel privilege escalation, while also covering post‑exploitation persistence techniques.

Information SecurityKaliLinux

0 likes · 10 min read

Step‑by‑Step Webshell Upload and Kernel Privilege Escalation on Ubuntu 16.04

360 Quality & Efficiency

Apr 7, 2023 · Information Security

Understanding Windows User Permissions, Privilege Dropping, and Elevation (UAC)

This article explains Windows user permission types, inheritance, the concepts of privilege dropping and elevation, how Explorer.exe can be used for privilege reduction, and the role of UAC and ShellExecute/ShellExecuteEx APIs in managing application security.

ExplorerShellExecuteExUAC

0 likes · 7 min read

Understanding Windows User Permissions, Privilege Dropping, and Elevation (UAC)

OPPO Kernel Craftsman

Oct 21, 2022 · Information Security

DirtyPipe (CVE‑2022‑0847) Vulnerability Analysis and Exploitation on Android/Linux

DirtyPipe (CVE‑2022‑0847) is a high‑severity Linux kernel flaw that lets attackers arbitrarily overwrite any readable file via an uninitialized pipe‑buffer flag, enabling privilege escalation on Android and other systems by patching shared libraries, bypassing SELinux, loading malicious modules, and ultimately gaining root, highlighting urgent need for patches and integrity protections.

CVE-2022-0847DirtyPipeLinux kernel

0 likes · 17 min read

DirtyPipe (CVE‑2022‑0847) Vulnerability Analysis and Exploitation on Android/Linux

Laravel Tech Community

Sep 26, 2022 · Information Security

Privilege Escalation Vulnerability in Visual Studio Code < 1.71.1 (CVE-2022-38020)

Visual Studio Code versions prior to 1.71.1 contain a privilege‑escalation flaw where a low‑privileged Windows attacker can place a malicious bash.exe in a special directory, causing the editor to load and execute the file, and the issue is fixed by upgrading to version 1.71.1 or later.

CVE-2022-38020Security VulnerabilityVisual Studio Code

0 likes · 2 min read

Privilege Escalation Vulnerability in Visual Studio Code < 1.71.1 (CVE-2022-38020)

MaGe Linux Operations

Aug 19, 2022 · Information Security

Bypassing PHP disable_functions and Building Encrypted Reverse Shells: A Hands‑On Guide

This article walks through practical techniques for bypassing PHP's disable_functions, hiding attacker IPs, creating encrypted bash reverse shells, maintaining persistence with cron and screen, probing outbound ports, setting up internal network proxies, and cleaning forensic traces, all aimed at penetration testing and red‑team operations.

PHPcron persistencedisable_functions

0 likes · 13 min read

Bypassing PHP disable_functions and Building Encrypted Reverse Shells: A Hands‑On Guide

MaGe Linux Operations

Jul 16, 2022 · Information Security

How to Exploit Horizontal Privilege Escalation: From Parameter Tampering to XSS

This article walks through a full horizontal privilege escalation attack, showing how altering POST data, REST‑style URLs, and cookie fields can grant unauthorized view, edit, and delete rights, and how to amplify the impact with self‑XSS and CSRF techniques.

CSRFXSShorizontal privilege

0 likes · 7 min read

How to Exploit Horizontal Privilege Escalation: From Parameter Tampering to XSS

MaGe Linux Operations

Jul 6, 2022 · Information Security

How to Bypass a WAF and Capture the Flag on Minu-1 – A Complete Pen‑Test Walkthrough

This step‑by‑step guide demonstrates how to enumerate a vulnerable host, identify and fingerprint its Web Application Firewall, apply multiple WAF‑bypass techniques—including fuzzing, command injection, binary abuse and URL‑encoding tricks—to obtain a stable shell, perform privilege escalation, decode a JWT token and finally retrieve the root flag.txt.

Information GatheringJWT crackingLinux exploitation

0 likes · 16 min read

How to Bypass a WAF and Capture the Flag on Minu-1 – A Complete Pen‑Test Walkthrough

Bilibili Tech

Jun 17, 2022 · Information Security

Container Escape Techniques, Exploits, and Mitigation Strategies

The article explains how attackers can break out of Docker containers by exploiting misconfigurations, vulnerable Docker components, kernel bugs, or Kubernetes RBAC errors, illustrates real‑world exploits such as host‑proc mounts and CVE‑2019‑5736, and provides mitigation steps like limiting privileges, updating software, and securing configurations.

Container SecurityDockerNamespace

0 likes · 15 min read

Container Escape Techniques, Exploits, and Mitigation Strategies

21CTO

Apr 29, 2022 · Information Security

How Nimbuspwn Exploits systemd’s networkd-dispatcher for Root Access

Microsoft researchers uncovered the Nimbuspwn vulnerability in systemd’s networkd-dispatcher, detailing how directory‑traversal, symlink‑race, and TOCTOU flaws let attackers replace root‑owned scripts, achieve privilege escalation, and why coordinated patching across hundreds of Linux distributions is critical.

LinuxSystemdVulnerability

0 likes · 4 min read

How Nimbuspwn Exploits systemd’s networkd-dispatcher for Root Access

MaGe Linux Operations

Feb 4, 2022 · Information Security

How a 12-Year-Old Linux Polkit Flaw (CVE-2021-4034) Grants Unlimited Root Access

Researchers uncovered a 12‑year‑old vulnerability in Linux’s Polkit (CVE‑2021‑4034, dubbed PwnKit) that lets attackers exploit the pkexec utility to gain unrestricted root privileges on most major distributions, prompting urgent patching recommendations and mitigation steps for administrators.

CVE-2021-4034Root Exploitpatch

0 likes · 8 min read

How a 12-Year-Old Linux Polkit Flaw (CVE-2021-4034) Grants Unlimited Root Access

Architect's Tech Stack

Nov 15, 2021 · Operations

Understanding and Using the su and sudo Commands in Linux

This article systematically explains the differences, usage patterns, and practical examples of the Linux su and sudo commands, covering user creation, login‑shell vs non‑login‑shell switches, the -c option, sudoers configuration, and security considerations for privilege escalation.

LinuxSystem AdministrationUser Management

0 likes · 13 min read

Understanding and Using the su and sudo Commands in Linux

MaGe Linux Operations

Jul 22, 2021 · Information Security

How Windows & Linux Privilege‑Escalation Bugs Let Attackers Hijack Your System

Recent disclosures reveal critical privilege‑escalation vulnerabilities in both Windows (CVE‑2021‑36934) and Linux (CVE‑2021‑33909) that let non‑admin users read SAM files, manipulate VSS snapshots, and gain root‑level access, with detailed mitigation steps provided for each platform.

CVE-2021-33909CVE-2021-36934privilege escalation

0 likes · 9 min read

How Windows & Linux Privilege‑Escalation Bugs Let Attackers Hijack Your System

Open Source Linux

Jun 29, 2021 · Information Security

How a Polkit Bug Lets Local Users Gain Root on Linux (CVE‑2021‑3560)

A recent GitHub disclosure reveals that a long‑standing polkit vulnerability (CVE‑2021‑3560) enables unprivileged local users on many Linux distributions to obtain root privileges with just a few commands, prompting urgent updates for affected systems such as RHEL, Fedora, Debian and Ubuntu.

CVE-2021-3560Linuxpolkit

0 likes · 4 min read

How a Polkit Bug Lets Local Users Gain Root on Linux (CVE‑2021‑3560)

Open Source Linux

Apr 14, 2021 · Information Security

Step‑by‑Step Web Penetration Test: From Recon to Root Access

This tutorial walks you through a complete web penetration test on the fictional site hack‑test.com, covering DNS enumeration, server fingerprinting, vulnerability scanning with Nikto and w3af, exploiting SQL injection via sqlmap, uploading a PHP webshell, gaining a reverse shell, and finally escalating to root privileges on a Linux server.

Information GatheringSQL injectionWeb Security

0 likes · 10 min read

Step‑by‑Step Web Penetration Test: From Recon to Root Access

Liangxu Linux

Mar 13, 2021 · Information Security

How Hackers Break Into the OS Kernel: Methods, Exploits, and Defenses

This article explains how attackers gain kernel-level privileges by exploiting vulnerabilities such as null-pointer dereferences, use-after-free, and integer overflow bugs, outlines the four legitimate ways programs enter kernel mode, and reviews real-world CVE cases and modern mitigation techniques.

CVEOS securityUse-After-Free

0 likes · 10 min read

How Hackers Break Into the OS Kernel: Methods, Exploits, and Defenses

php Courses

Dec 18, 2020 · Information Security

ThinkCMF Privilege Escalation Vulnerability in ThinkPHP 5.0 and Its Mitigation

The article explains a privilege‑escalation flaw in the ThinkCMF CMS built on ThinkPHP 5.0, demonstrates how to exploit it via crafted URLs to invoke arbitrary PHP functions such as phpinfo, and describes the official fix that adds strict controller name validation.

PHPThinkCMFThinkPHP

0 likes · 3 min read

ThinkCMF Privilege Escalation Vulnerability in ThinkPHP 5.0 and Its Mitigation

21CTO

Nov 19, 2020 · Information Security

How to Exploit and Patch Ubuntu’s Silent Sudo User Vulnerability

This article explains a critical Ubuntu flaw that lets a standard user create a new sudo account and gain root privileges without a system password, details the step‑by‑step exploitation process, and outlines the official patches released to fix the issue.

CVELinux securityRoot Access

0 likes · 6 min read

How to Exploit and Patch Ubuntu’s Silent Sudo User Vulnerability

ITPUB

Nov 18, 2020 · Information Security

Create a New sudo User and Gain Root on Ubuntu Without a Password – Full Exploit Guide

This article explains a critical Ubuntu vulnerability that lets a standard user create a new sudo account and obtain root privileges without a system password, detailing the exploitation steps, required commands, and the underlying flaw in accounts‑daemon and GNOME Display Manager, plus mitigation advice.

Linux securitySudoUbuntu

0 likes · 7 min read

Create a New sudo User and Gain Root on Ubuntu Without a Password – Full Exploit Guide

ITPUB

Nov 17, 2020 · Information Security

How to Exploit Ubuntu’s Accounts‑Daemon & GDM3 Bug to Gain Root Without a Password

This article explains a critical Ubuntu desktop vulnerability discovered by GitHub researcher Kevin Backhouse, detailing step‑by‑step commands that let a standard user create a privileged sudo account, the underlying bugs in accounts‑service and GNOME Display Manager, and the official patches released to fix it.

accounts-daemongdm3privilege escalation

0 likes · 7 min read

How to Exploit Ubuntu’s Accounts‑Daemon & GDM3 Bug to Gain Root Without a Password

Liangxu Linux

Nov 16, 2020 · Information Security

How to Exploit and Patch Ubuntu’s Accounts‑Daemon & GDM3 Privilege Escalation

Security researcher Kevin Backhouse revealed a local‑privilege‑escalation flaw in Ubuntu desktop that lets a standard user create a sudo‑enabled account without a password by abusing a .pam_environment symlink, crashing accounts‑daemon, and forcing GNOME’s initial‑setup wizard, with patches now available.

Linux securityUbuntuaccounts-daemon

0 likes · 7 min read

How to Exploit and Patch Ubuntu’s Accounts‑Daemon & GDM3 Privilege Escalation

Huolala Tech

Nov 11, 2020 · Information Security

How Red Team Techniques Uncover Phishing Attack Origins: A Step‑by‑Step Guide

This article demonstrates how red‑team methods can be applied to phishing traceability, detailing phishing classifications, email‑header extraction, malicious site analysis, web‑shell decryption, privilege‑escalation techniques, log mining, and attacker attribution to reconstruct the full attack chain.

Webshellemail analysislog analysis

0 likes · 33 min read

How Red Team Techniques Uncover Phishing Attack Origins: A Step‑by‑Step Guide

ITPUB

Oct 17, 2019 · Information Security

Understanding the Sudo CVE‑2019‑14287 Vulnerability and How to Mitigate It

The article explains the CVE‑2019‑14287 sudo bug that lets attackers bypass root restrictions by using special user IDs, assesses its severity and real‑world impact, and provides concrete steps—including patch installation and sudoers configuration checks—to protect Linux systems.

CVE-2019-14287Linux securitySudo

0 likes · 7 min read

Understanding the Sudo CVE‑2019‑14287 Vulnerability and How to Mitigate It

MaGe Linux Operations

Feb 27, 2019 · Information Security

Deploy a One‑Line PHP Backdoor and Escalate Linux Privileges

This guide walks through creating a simple PHP backdoor, using Python pty for interactive shells, compiling and exploiting local binaries, sniffing network traffic with arpsniffer and linsniffer, and applying various Linux privilege‑escalation techniques to obtain root access.

Information Securitynetwork sniffingprivilege escalation

0 likes · 10 min read

Deploy a One‑Line PHP Backdoor and Escalate Linux Privileges

Tencent Cloud Developer

Feb 14, 2019 · Information Security

Critical runc Container Escape Vulnerability Advisory (CVE-2019-5736)

A critical CVE‑2019‑5736 vulnerability in the runc container runtime lets a malicious container overwrite the host’s runc binary, granting attackers root‑level code execution that can compromise other containers, the host system, and the network, with a CVSS 3.0 score of 7.2, affecting runc, Apache Mesos and LXC, and requiring prompt updates.

Container SecurityKernel SecurityVulnerability

0 likes · 3 min read

Critical runc Container Escape Vulnerability Advisory (CVE-2019-5736)

MaGe Linux Operations

Nov 30, 2018 · Information Security

How to Exploit Linux Servers: PHP Backdoors, Kernel Privilege Escalation, and Sniffing

This guide walks through creating a one‑line PHP backdoor, gaining interactive shells, escalating Linux privileges via kernel exploits and misconfigurations, compiling and using network sniffers, and harvesting credentials, all illustrated with concrete command‑line examples and code snippets.

Linuxexploitphp backdoor

0 likes · 10 min read

How to Exploit Linux Servers: PHP Backdoors, Kernel Privilege Escalation, and Sniffing

ITPUB

Nov 26, 2018 · Information Security

Inside Linux.BtcMine.174: How Dr.Web’s New Malware Hijacks Linux Systems

Dr.Web’s recent report reveals Linux.BtcMine.174, a sophisticated 1000‑line shell‑script trojan that exploits Dirty COW or CVE‑2013‑2094 for root access, disables dozens of antivirus processes, mines cryptocurrency, and spreads via SSH‑collected hosts, with its components’ SHA‑1 hashes published on GitHub.

Cryptocurrency MiningInformation SecurityLinux

0 likes · 3 min read

Inside Linux.BtcMine.174: How Dr.Web’s New Malware Hijacks Linux Systems

Efficient Ops

Oct 30, 2018 · Information Security

How a Former Ops Manager Illegally Escalated Privileges to Steal and Sell Code Worth 8 Million Yuan

In a 2018 Beijing police operation, a former operations supervisor illegally raised his system permissions, downloaded three proprietary project source codes from a tech company, and sold them for nearly eight million yuan, leading to the arrest of two suspects after extensive digital forensic investigation.

ChinaInformation Securitycase study

0 likes · 4 min read

How a Former Ops Manager Illegally Escalated Privileges to Steal and Sell Code Worth 8 Million Yuan

MaGe Linux Operations

Aug 26, 2018 · Information Security

Step‑by‑Step Linux Privilege Escalation and Exploit Techniques

This guide walks through creating a PHP backdoor, leveraging Python pty for interactive shells, compiling and using arpsniffer and linsniffer, performing network sniffing with tcpdump, applying various Linux privilege‑escalation exploits, and establishing persistent root access on vulnerable systems.

Information Securityexploitphp backdoor

0 likes · 11 min read

Step‑by‑Step Linux Privilege Escalation and Exploit Techniques

dbaplus Community

Jun 6, 2018 · Information Security

Comprehensive MySQL Penetration Guide: Recon, Exploits, and Privilege Escalation

This guide details systematic MySQL security testing, covering information gathering, version detection, credential extraction, webshell deployment, privilege escalation via MOF and UDF, and post‑exploitation cleanup, with concrete Metasploit, sqlmap, and nmap commands.

MetasploitSQLMapWebshell

0 likes · 26 min read

Comprehensive MySQL Penetration Guide: Recon, Exploits, and Privilege Escalation

ITFLY8 Architecture Home

May 9, 2018 · Information Security

Master MySQL Penetration: From Recon to Privilege Escalation

This article details comprehensive MySQL penetration techniques, covering information gathering, password cracking, webshell deployment, and multiple privilege‑escalation methods using tools such as Nmap, Metasploit, sqlmap, MOF, UDF and startup script exploits.

Information GatheringMetasploitSQLMap

0 likes · 25 min read

Master MySQL Penetration: From Recon to Privilege Escalation

21CTO

May 7, 2018 · Operations

Mastering sudo: Essential Linux Privilege Tricks for Everyday Use

This guide walks through common sudo scenarios—granting temporary root rights, fixing permission errors in vim, re‑executing forgotten sudo commands, handling shell built‑ins, and configuring sudo logging—to help Linux users work more efficiently and securely.

Command LineLinuxSudo

0 likes · 7 min read

Mastering sudo: Essential Linux Privilege Tricks for Everyday Use

MaGe Linux Operations

Dec 26, 2017 · Information Security

Deploy a One‑Line PHP Backdoor and Escalate Linux Privileges

This guide shows how to plant a PHP backdoor, obtain an interactive shell, enumerate system information, compile and use network sniffers, modify source to capture credentials, and exploit Linux kernel and configuration weaknesses to achieve root access.

Linuxexploitnetwork sniffing

0 likes · 10 min read

Efficient Ops

May 11, 2017 · Information Security

Mastering Linux Security: Real‑World Attack Vectors and Defense Strategies

This article shares practical insights from a security director at YY Live, detailing the complex Linux security landscape, common vulnerabilities, real‑world attack techniques such as Redis abuse and privilege escalation, and a multi‑layered defense approach that balances rapid business iteration with robust protection.

DDoS mitigationLinux securityVulnerability Management

0 likes · 21 min read

Mastering Linux Security: Real‑World Attack Vectors and Defense Strategies

Java High-Performance Architecture

Mar 12, 2017 · Information Security

How Hackers Exploit mysqldump Backups to Execute System Commands

This article explains how attackers can abuse mysqldump to embed malicious SQL that runs system commands during import, demonstrates the exploit step‑by‑step, and provides practical mitigation measures such as using --skip-comments and revoking CREATE TABLE privileges.

SQL injectionbackup exploitationdatabase security

0 likes · 4 min read

How Hackers Exploit mysqldump Backups to Execute System Commands

Java High-Performance Architecture

Dec 12, 2015 · Information Security

How Hackers Exploit Redis Misconfigurations to Gain SSH Password‑less Access

This article explains how attackers generate an SSH key pair, use an unsecured Redis server to store the public key, modify Redis's working directory and filename settings, and ultimately create an authorized_keys file on the target system to achieve password‑less SSH login.

Redismisconfigurationpasswordless login

0 likes · 3 min read

How Hackers Exploit Redis Misconfigurations to Gain SSH Password‑less Access

ITPUB

Nov 12, 2015 · Information Security

How Unauthenticated Redis Access Lets Attackers Hijack Servers – Exploit Steps and Mitigation

The article explains that Redis’s default public binding and lack of authentication allow attackers to read data, execute code, and write their SSH public key into /root/.ssh/authorized_keys, providing a complete guide to exploitation, statistical impact, PoC code, and practical mitigation measures.

RedisSecurity Vulnerabilityexploit

0 likes · 10 min read

How Unauthenticated Redis Access Lets Attackers Hijack Servers – Exploit Steps and Mitigation

dbaplus Community

Oct 22, 2015 · Databases

Understanding PostgreSQL Function Security: Definer vs Invoker Explained

This article explains how PostgreSQL functions can be defined with security definer or security invoker, details the differences between session_user and current_user, demonstrates setting roles and search_path, and provides practical examples and safeguards to prevent privilege escalation.

Database RolesFunction SecurityPostgreSQL

0 likes · 5 min read

Understanding PostgreSQL Function Security: Definer vs Invoker Explained