Local privilege escalation techniques go far beyond checking the Windows/kernel version, looking for unquoted service paths or checking SUID binaries. Moreover, a local privilege escalation could make a huge difference when trying to compromise a domain. Several tools have been created to find possible privilege escalation paths, but most of the tools for Red Team and pentesting check for only a few possible ways, so pentesters need to use several tools and do some manual recon to check for everything. PEASS is a compilation of a bash script for Linux/MacOS/*nix, and a .NET project and a batch script for Windows, that I created some time ago. It aims to check and highlight every possible privesc path so professionals don’t need to execute several different tools for this purpose and can very easily find vulnerabilities.
During this talk I would like to present PEASS-ng, focusing on the new Metasploit modules that automatically execute these scripts, the new additions to the scripts, and how these tools can be useful in an adversary simulation scenario. During the talk I will also present my local privilege escalation resources (https://book.hacktricks.xyz/linux-unix/privilege-escalation, https://book.hacktricks.xyz/windows/windows-local-privilege-escalation) so attendees will be able to continue learning about the topic after the talk.