Linux Privesc

Exploiting SUID/SGID Binaries for Linux Privilege Escalation

How attackers abuse SUID/SGID binaries to escalate to root on Linux, plus blue-team detection and hardening.

Exploiting sudo Misconfigurations with GTFOBins

How attackers turn weak sudo rules, NOPASSWD, env_keep, and LD_PRELOAD into root — and how blue teams shut it down.

Abusing Linux Capabilities for Privilege Escalation

How attackers abuse cap_setuid and cap_dac_read_search file capabilities to escalate to root, and how blue teams detect it.

Privilege Escalation via Cron Job Abuse on Linux

Exploit writable cron scripts, weak PATH, and wildcard injection to escalate to root, plus blue-team detection and hardening.

PATH Hijacking: Privilege Escalation via Writable PATH Directories and Relative Binaries

How attackers abuse relative paths and writable PATH directories to plant malicious binaries and escalate privileges on Linux.

Abusing NFS no_root_squash for Local Privilege Escalation

How a misconfigured NFS export with no_root_squash lets a low-priv user plant a root SUID binary and escalate.

Abusing a World-Writable /etc/passwd for Root

How a writable /etc/passwd or /etc/shadow leads to instant root, with PoC and Blue Team defenses.

Kernel Exploits Deep Dive: Dirty COW and Dirty Pipe

A practical look at CVE-2016-5195 (Dirty COW) and CVE-2022-0847 (Dirty Pipe): how they work, PoCs, and defenses.

Practical Linux Enumeration with LinPEAS

A hands-on guide to running LinPEAS for fast Linux privilege escalation enumeration, reading its output, and defending against it.

Privilege Escalation via the Docker Group: From User to Root

How membership in the docker group is equivalent to root, with PoCs for volume mounts and privileged containers, plus detection.

Abusing LD_PRELOAD and LD_LIBRARY_PATH for Linux Privilege Escalation

How attackers weaponize sudo env_keep with LD_PRELOAD/LD_LIBRARY_PATH to escalate to root, and how blue teams stop it.

Wildcard Injection: Privilege Escalation via tar and rsync in Cron Jobs

Abuse shell wildcard expansion in tar and rsync backup jobs to inject arguments and escalate to root on Linux.

Abusing systemd Services and Timers for Linux Privilege Escalation

How writable unit files, ExecStart hijacks, and timer abuse turn a foothold into root on systemd Linux hosts.

SSH Key Hunting and Lateral Movement on Linux

Find SSH private keys, abuse authorized_keys and known_hosts, and pivot via agent forwarding across Linux hosts.

Credential Hunting on Linux: From .bash_history to Config Files

A practical guide to hunting cleartext credentials on Linux hosts via history files, config files, and grep, plus defenses.

Python Library Hijacking for Privilege Escalation on Linux

Abuse writable modules, PYTHONPATH, and sys.path ordering to hijack imports in privileged Python scripts and escalate to root.

PwnKit: Local Root via polkit pkexec (CVE-2021-4034)

How CVE-2021-4034 (PwnKit) abuses pkexec argv handling and GCONV_PATH to get instant local root on Linux.

Baron Samedit: Exploiting the sudo Heap Overflow (CVE-2021-3156)

A practical walkthrough of Baron Samedit (CVE-2021-3156), the sudo heap overflow that yields local root, plus detection and defense.

Linux Persistence Techniques: Maintaining Access After Initial Compromise

A practical tour of Linux persistence: authorized_keys, cron, systemd, rc.local, and ld.so.preload, plus detection.

Linux Enumeration Cheat Sheet for Privilege Escalation

A practical Linux post-exploitation enumeration cheat sheet covering id, uname -a, sudo -l, SUID hunting, and process inspection.