Offensive Security Case Study

Linux Privilege Escalation Lab

A controlled penetration testing lab focused on enumeration, misconfiguration discovery, privilege escalation analysis, and remediation guidance.

Role: Penetration Tester
Focus: Linux hardening gaps
Tools: Nmap, LinPEAS, Hashcat, Python
Outcome: Attack path + remediation report

Overview

What I Built

I built an intentionally vulnerable Linux environment and tested it end to end, covering enumeration, privilege-boundary analysis, and post-test reporting the way a real engagement would.

Problem

The Security Challenge

The target ran intentionally vulnerable configurations that mirror common Linux hardening failures: weak file and directory permissions, misconfigured SUID binaries, and over-broad sudo rules that blurred the privilege boundary between a low-privileged user and root.

Process

Attack Path

01

Reconnaissance

Enumerated open services with Nmap, recorded basic host context (OS, service versions, accounts in play), and mapped the initial attack surface.

02

Enumeration

Reviewed users and groups, file and directory permissions, service versions, SUID binaries, and the effective sudo policy (what sudo -l allows the current user to run), using LinPEAS alongside manual checks.

03

Privilege Escalation Analysis

Confirmed in the lab which misconfigurations actually allowed escalation rather than merely looking suspicious, and documented the preconditions (ownership, permission bits, sudo rules) that made each path work.

04

Reporting

Converted technical notes into an attack path, risk summary, and prioritized hardening plan.

Evidence

What The Work Demonstrates

The goal of the lab was not just to complete a checklist. I treated it like a consultant-style engagement: identify exposure, validate risk, explain impact, and recommend fixes clearly.

Technical Depth

Mapped privilege boundaries and separated findings that were merely interesting from conditions that were actually exploitable.

Repeatability

Scripted enumeration in Python and worked from repeatable checklists so that coverage did not depend on memory.

Communication

Translated low-level misconfigurations into business-readable remediation priorities.
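As an added example (not code from this lab writeup), here is a small Python checklist of the kind the Enumeration and Privilege Escalation Analysis steps above and the Repeatability note rely on: it walks the filesystem for SUID-root binaries and world-writable directories, parses `sudo -l` output, and labels each finding as expected, interesting, or exploitable. The SUID baseline, the shell-capable binary list, the user name `alice`, the host name `lab`, and both `sudo -l` captures are constructed for the example, not taken from the lab host.

```python
import os
import re
import stat
import subprocess
from dataclasses import dataclass

# Illustrative baseline of SUID-root binaries a stock Debian/Ubuntu install ships with.
# Assumed for this example; on an engagement, take the baseline from a clean build.
EXPECTED_SUID = {
    "/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/su", "/usr/bin/mount", "/usr/bin/umount",
    "/usr/bin/chsh", "/usr/bin/chfn", "/usr/bin/newgrp", "/usr/bin/gpasswd",
}
# Binaries that yield a root shell or an arbitrary file write once they run as root
# (find -exec, python -c, vim :!sh, cp over /etc/passwd). Illustrative subset.
SHELL_CAPABLE = {"bash", "sh", "dash", "find", "python", "python3", "perl",
                 "vim", "vi", "cp", "env", "awk", "less", "more"}
# Typical root PATH directories: world-writable means any user can plant a binary
# that root cron jobs or scripts pick up by bare name.
PATH_DIRS = {"/usr/local/sbin", "/usr/local/bin", "/usr/sbin", "/usr/bin", "/sbin", "/bin"}
# Constructed `sudo -l` output for the lab user (not captured from a real host).
WEAK_SUDO_L = """\
User alice may run the following commands on lab:
    (ALL) NOPASSWD: /usr/bin/vim
    (root) /usr/bin/systemctl restart nginx
    (ALL : ALL) ALL
"""
# The same user after tightening the policy to one explicit, non-shell command.
HARDENED_SUDO_L = """\
User alice may run the following commands on lab:
    (root) /usr/bin/systemctl restart nginx
"""


@dataclass
class Finding:
    check: str     # "suid" | "writable-dir" | "sudo"
    subject: str   # file path or sudo rule
    severity: str  # "exploitable" | "interesting" | "expected"
    note: str = ""


def classify_suid(path, mode, uid):
    """Classify one file from its lstat() mode and owner uid; None if not SUID-root."""
    if not stat.S_ISREG(mode) or not (mode & stat.S_ISUID) or uid != 0:
        return None
    if path in EXPECTED_SUID:
        return Finding("suid", path, "expected", "stock SUID binary; keep it patched")
    if os.path.basename(path) in SHELL_CAPABLE:
        return Finding("suid", path, "exploitable", "SUID-root binary can spawn a shell or write files")
    return Finding("suid", path, "interesting", "non-baseline SUID-root binary; review by hand")


def classify_writable_dir(path, mode):
    """Flag a world-writable directory that lacks the sticky bit; None otherwise."""
    if not stat.S_ISDIR(mode) or not (mode & stat.S_IWOTH) or (mode & stat.S_ISVTX):
        return None
    if path in PATH_DIRS:
        return Finding("writable-dir", path, "exploitable", "on the root PATH; binary planting")
    return Finding("writable-dir", path, "interesting", "any user can replace files here")


# One rule line of `sudo -l` output: "(runas) [TAG: ...] command [args]"
SUDO_RULE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmd>.+)$")


def parse_sudo_l(text):
    """Turn `sudo -l` output into findings; rules that reach a shell are exploitable."""
    out = []
    for line in text.splitlines():
        m = SUDO_RULE.match(line)
        if not m:
            continue
        cmd, rule = m["cmd"].strip(), line.strip()
        if cmd == "ALL":
            f = Finding("sudo", rule, "exploitable", "unrestricted command set")
        elif os.path.basename(cmd.split()[0]) in SHELL_CAPABLE:
            f = Finding("sudo", rule, "exploitable", "command escapes to a shell")
        elif "*" in cmd:
            f = Finding("sudo", rule, "interesting", "wildcard argument; test for injection")
        else:
            f = Finding("sudo", rule, "interesting", "fixed command; review its arguments")
        if "NOPASSWD" in m["tags"]:
            f.note += " (NOPASSWD)"
        out.append(f)
    return out


def scan_filesystem(root="/"):
    """One walk for SUID-root files and world-writable directories; symlinks are not followed."""
    out = []
    for dirpath, dirnames, filenames in os.walk(root):
        if dirpath in ("/proc", "/sys", "/dev", "/run"):  # pseudo filesystems: skip the subtree
            dirnames[:] = []
            continue
        for name in dirnames + filenames:
            p = os.path.join(dirpath, name)
            try:
                st = os.lstat(p)
            except OSError:
                continue
            f = classify_suid(p, st.st_mode, st.st_uid) or classify_writable_dir(p, st.st_mode)
            if f:
                out.append(f)
    return out


if __name__ == "__main__":
    findings = scan_filesystem("/")
    try:  # -n: never prompt, so the checklist stays non-interactive
        findings += parse_sudo_l(subprocess.run(["sudo", "-n", "-l"], capture_output=True, text=True).stdout)
    except OSError:
        pass
    rank = {"exploitable": 0, "interesting": 1, "expected": 2}
    for f in sorted(findings, key=lambda f: rank[f.severity]):
        print(f"{f.severity:12} {f.check:13} {f.subject}  {f.note}")
```

Run it as the low-privileged user on the target; the `expected` bucket is what keeps the report from listing `/usr/bin/passwd` as a finding, and the `exploitable` bucket is the short list worth validating by hand. Parsing the hardened capture yields only an `interesting` entry, which is the state the remediation section aims for.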

Key Findings

What Was Risky

  • Weak permission boundaries between users: files and directories that a low-privileged account could read or write gave it footholds toward root
  • Root-owned files and directories that were writable by other users (wrong ownership or mode) increased local privilege risk
  • Sudo rules and SUID binaries that were broader than their job required exposed avoidable hardening gaps

Remediation

How I Would Fix It

  • Remove the SUID bit from binaries that do not need it and audit the remaining privileged binaries on a schedule
  • Apply least-privilege sudo policies: explicit commands with fixed arguments rather than ALL, and no commands that can spawn a shell
  • Review world-writable directories, sensitive files, and ownership expectations (root-owned, not group- or world-writable)
  • Log and alert on privilege escalation attempts: sudo denials, failed su, and sudo use of shells, editors, or commands that touch sensitive files
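As an added example (not part of the lab deliverable), the detection side of the last point: a Python pass over auth.log-style sudo and su lines that raises alerts for sudo denials, failed su, sudo runs of shell-capable commands, commands that touch sensitive files, and a per-user threshold for repeated failed attempts. The log lines, user names, and host name `lab` are constructed; the message shapes are the standard ones sudo and su write through syslog.

```python
import os
import re
from collections import defaultdict
from datetime import datetime

# Constructed auth.log excerpt for the lab host (not captured from a real system).
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 lab sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 10:15:09 lab sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 10:15:20 lab sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 10:15:31 lab sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 10:16:40 lab su[2211]: FAILED SU (to root) carol on pts/2
Mar  3 10:17:02 lab sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vim /etc/sudoers
Mar  3 10:17:45 lab sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Mar  3 10:18:10 lab sudo:     dave : 3 incorrect password attempts ; TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/usr/bin/id
"""

# Commands whose sudo use hands out an interactive root context, and paths
# whose modification is a privilege change in itself. Illustrative lists.
SHELL_CMDS = {"bash", "sh", "dash", "su", "vim", "vi", "python", "python3", "perl", "find", "less", "more", "env"}
SENSITIVE = ("/etc/sudoers", "/etc/shadow", "/etc/passwd", "/root/")

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
# sudo writes "user : [reason ; ]TTY=... ; PWD=... ; USER=... ; COMMAND=..."; the
# optional reason ("user NOT in sudoers", "N incorrect password attempts") marks a denial.
SUDO_LINE = re.compile(TS + r" \S+ sudo:\s+(?P<user>\S+) : (?:(?P<reason>[^;]+?) ; )?"
                       r"TTY=\S+ ; PWD=\S+ ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$")
SU_FAIL = re.compile(TS + r" \S+ su(?:\[\d+\])?: FAILED SU \(to (?P<target>\S+)\) (?P<user>\S+) on")


def _when(ts):
    # syslog pads single-digit days with a second space; strptime wants one.
    return datetime.strptime(re.sub(r"\s+", " ", ts), "%b %d %H:%M:%S")


def parse_line(line):
    """Return (timestamp, user, kind, detail) for lines that matter, else None."""
    m = SUDO_LINE.match(line)
    if m:
        if m["reason"]:
            return (_when(m["ts"]), m["user"], "sudo-denied", m["reason"].strip())
        return (_when(m["ts"]), m["user"], "sudo-ok", m["cmd"])
    m = SU_FAIL.match(line)
    if m:
        return (_when(m["ts"]), m["user"], "su-failed", "to " + m["target"])
    return None


def detect(log_text, window_s=60, threshold=3):
    """Per-line rules plus a per-user count of failures inside a sliding window.

    Returns a list of (severity, user, reason) tuples in log order."""
    alerts = []
    recent = defaultdict(list)  # user -> timestamps of recent failed attempts
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev:
            continue
        ts, user, kind, detail = ev
        if kind == "sudo-ok":
            if os.path.basename(detail.split()[0]) in SHELL_CMDS:
                alerts.append(("high", user, "sudo to shell-capable command: " + detail))
            if any(s in detail for s in SENSITIVE):
                alerts.append(("high", user, "sudo touching sensitive path: " + detail))
            continue
        alerts.append(("medium", user, kind + ": " + detail))
        recent[user] = [t for t in recent[user] if (ts - t).total_seconds() <= window_s] + [ts]
        if len(recent[user]) == threshold:  # fire once when the window fills up
            alerts.append(("high", user, f"{threshold} failed escalation attempts within {window_s}s"))
    return alerts


if __name__ == "__main__":
    path = "/var/log/auth.log"
    text = open(path).read() if os.path.exists(path) else SAMPLE_AUTH_LOG
    for sev, user, reason in detect(text):
        print(f"{sev:7} {user:8} {reason}")
```

The ordinary `systemctl restart nginx` line produces nothing, which is the point of writing the rules against what escalation looks like rather than against sudo use in general; on a real host the same logic would feed a SIEM rule or an auditd-backed alert rather than stdout.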

Reflection

What This Proves

This project demonstrates my ability to think like an attacker, document risk like a consultant, and recommend fixes like a security engineer.