Texas Cyber Summit IV
Adversary Village

Carlos Polop

Senior Security Engineer, Mettle

Carlos is a Spanish Telecommunications Engineer with a Master's in Cybersecurity. He has worked hard to pass some important certifications such as OSCP, OSWE, CRTP, eMAPT, and eWPTXv2. He has worked mainly as a penetration tester/red teamer, but also as a programmer and system administrator. Since he started learning cybersecurity he has been trying to share his knowledge and help improve the infosec world with his tools (the most notable ones are https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite and https://github.com/carlospolop/legion) and with his free online hacking tricks book: https://book.hacktricks.xyz

Tool demo: Metas PEASS

Local privilege escalation techniques go far beyond checking the Windows/kernel version, looking for unquoted service paths or checking SUID binaries. Moreover, a local privilege escalation can make a huge difference when trying to compromise a domain. Several tools have been created to find possible privilege escalation paths, but most of the tools for Red Team and pentesting only check for a few possible ways, so pentesters need to use several tools and do some manual recon to check for everything. PEASS is a compilation of a bash script for Linux/macOS/*nix, a .NET project and a batch script for Windows that I created some time ago, which aims to check and highlight every possible privesc path so professionals don't need to execute several different tools for this purpose and can very easily find vulnerabilities.
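Two of the checks the abstract names, implemented as standalone shell functions. This is an added example, not code from PEASS-ng or from the speaker: the Windows ImagePath strings, the temporary directory tree and the allowlist are all constructed here, and the "skip anything under C:\Windows" rule and the lowercase ".exe" suffix are assumptions of this example rather than PEASS behaviour.

```shell
#!/usr/bin/env bash
# Added example (not PEASS-ng code): two classic local privesc checks.

# Check 1: Windows unquoted service path. An ImagePath such as
#   C:\Program Files\Some Vendor\svc.exe -arg
# that is not wrapped in quotes makes the Service Control Manager try
# C:\Program.exe, then "C:\Program Files\Some.exe", and so on, so a writable
# directory anywhere along the path lets a low-privileged user plant a binary
# that runs as the service account. Returns 0 when the path looks vulnerable:
# unquoted, a space inside the binary path, and not under C:\Windows (assumed
# not writable by unprivileged users, so excluded here).
is_unquoted_service_path() {
  local lower
  lower="$(printf '%s' "$1" | tr 'A-Z' 'a-z')"
  case "$lower" in
    '"'*) return 1 ;;                 # already quoted: not exploitable this way
  esac
  # Drop arguments after the executable name to isolate the binary path
  # (assumes a lowercase .exe suffix after the tr above).
  local binary="${lower%%.exe*}.exe"
  case "$binary" in
    *" "*) ;;                         # contains a space: candidate
    *) return 1 ;;
  esac
  # Under the Windows directory: skip (assumed default install location).
  printf '%s' "$binary" | grep -q '^c:\\windows\\' && return 1
  return 0
}

# Check 2: SUID binaries. List every regular file with the setuid bit below
# directory $1, as paths relative to that root, sorted.
find_suid() {
  ( cd "$1" && find . -type f -perm -4000 2>/dev/null ) | sed 's|^\./||' | sort
}

# Print the SUID files whose basename is not in the allowlist file $2
# (one name per line). These are the ones worth a manual look.
unexpected_suid() {
  local root="$1" allowlist="$2"
  find_suid "$root" | while IFS= read -r path; do
    grep -qxF "$(basename "$path")" "$allowlist" || printf '%s\n' "$path"
  done
}

# Constructed demo tree (no real system files are read): a legitimate
# setuid passwd, a suspicious setuid helper under opt, and a plain ls.
demo_suid() {
  local tmp
  tmp="$(mktemp -d)"
  mkdir -p "$tmp/usr/bin" "$tmp/opt/app"
  : > "$tmp/usr/bin/passwd"; chmod u+s "$tmp/usr/bin/passwd"
  : > "$tmp/opt/app/helper"; chmod u+s "$tmp/opt/app/helper"
  : > "$tmp/usr/bin/ls"
  printf 'passwd\nsudo\nsu\n' > "$tmp/allow.txt"   # constructed allowlist
  unexpected_suid "$tmp" "$tmp/allow.txt"
  rm -rf "$tmp"
}

# Run both checks on constructed input when executed directly.
for p in 'C:\Program Files\Some Vendor\svc.exe -arg' \
         '"C:\Program Files\Some Vendor\svc.exe" -arg' \
         'C:\Windows\Some Dir\svc.exe'; do
  if is_unquoted_service_path "$p"; then
    echo "VULNERABLE (unquoted service path): $p"
  else
    echo "ok: $p"
  fi
done
echo "unexpected SUID files in demo tree:"
demo_suid
```

Against a real host you would feed `is_unquoted_service_path` the ImagePath values read from the service registry keys and point `find_suid` at `/`; the allowlist is what separates the expected setuid binaries from the ones that deserve attention.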

During this talk I would like to present PEASS-ng, focusing on the new Metasploit modules that automatically execute these scripts, the new additions to the scripts, and how these tools can be useful in an adversary simulation scenario. During the talk I will also present my local privilege escalation resources (https://book.hacktricks.xyz/linux-unix/privilege-escalation , https://book.hacktricks.xyz/windows/windows-local-privilege-escalation) so attendees will be able to continue learning about the topic after the talk.

Recorded Live 📼