This study aims to identify and evaluate privilege escalation techniques on Linux kernel-based operating systems using the Information System Security Assessment Framework (ISSAF) methodology and MITRE ATT&CK tactics. The research was conducted in the intentionally vulnerable Lin.Security lab from VulnHub. The phases were planning (VirtualBox configuration), assessment (system enumeration and testing of 7 MITRE ATT&CK tactics: Abuse Elevation Control Mechanism, Account Manipulation, Create or Modify System Process, Escape to Host, Event Triggered Execution, Exploitation for Privilege Escalation, Hijack Execution Flow), and reporting. The results showed that all seven tactics were successfully exploited in the lab environment, revealing vulnerabilities such as SetUID/SetGID misconfiguration, sudo issues, SSH key manipulation, systemd misuse, Docker SUID exploitation, shell configuration file vulnerabilities, kernel exploits (PwnKit), and LD_PRELOAD hijacking. The main conclusion is that privilege escalation vulnerabilities in Linux systems can be exploited using MITRE ATT&CK tactics, which underlines the importance of regular security audits and updates for risk mitigation.
Copyrights © 2026