Before starting, I would like to point out - I'm no expert. As far as I know, there isn't a 'magic' answer, in this huge area. This is simply my finding, typed up, to be shared (my starting point). Below is a mixture of commands to do the same thing, to look at things in a different place or just a different light. I know there more 'things' to look for. It's just a basic & rough guide. Not every command will work for each system as Linux varies so much. 'It' will not jump off the screen - you've to hunt for that 'little thing' as 'the devil is in the detail'. Enumeration is the key. (Linux) privilege escalation is all about: Collect - Enumeration, more enumeration and some more enumeration. Process - Sort through data, analyse and prioritisation. Search - Know what to search for and where to find the exploit code. Adapt - Customize the exploit, so it fits. Not every exploit work for every system 'out of the box'. Try - Get ready for (lots of) trial and error. Operating System What's the distribution type? What version? 1 2 3 4 cat /etc/issue cat /etc/*-release cat /etc/lsb-release # Debian based cat /etc/redhat-release # Redhat based What's the kernel version? Is it 64-bit? 1 2 3 4 5 6 cat /proc/version uname -a uname -mrs rpm -q kernel dmesg | grep Linux ls /boot | grep vmlinuz- What can be learnt from the environmental variables? 1 2 3 4 5 6 7 cat /etc/profile cat /etc/bashrc cat ~/.bash_profile
FEATURES
ALTERNATIVES
CobaltBus enables Cobalt Strike C2 traffic via Azure Servicebus for enhanced covert operations.
A blog post about bypassing AppLocker using PowerShell diagnostic scripts
A next generation version of enum4linux with enhanced features for enumerating information from Windows and Samba systems.
High-performant, coroutines-driven, and fully customisable Low & Slow load generator for real-world pentesting with undetectability through Tor.
A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.
PINNED

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.