Lukasz Gogolkiewicz
Lukasz Gogolkiewicz
Head of Corporate Security at SEEK

Lukasz is a high proficient security professional, previously responsible for the technical direction and leadership for one of the worlds largest technical security consultancies. Now, he heads up Corporate Security at SEEK. In this role he is responsible for ensuring the protection of sensitive information across a multitude of business systems, corporate systems and IT infrastructure.

He has worked with some of the world largest banks and financial organisations, has worked with federal, state and local governments, presented at and organised a number security conferences, and helps mentor the next generation of security professionals.

Keynote "Threat Driven Cyber Security: Does Security Compliance Work?"

Tutorial: Linux Privilege Escalation

Technical Level (3 being the highest score): 2

Attackers never stop at initial compromise; there is always an end goal objective which often requires privileged access to specific devices or systems.

Moving from low to high privileged access is crucial to this strategy, with various controls regularly being employed to limit the likelihood of such an attack succeeding, or increasing the effort required for an attacker to reach their goal. As security professionals, we need to understand such techniques in order to accurately assess the risk and likelihood of a given attack path within the organisation.

Identifying the correct privilege escalation vector can often feel like looking for a needle in a haystack, however with the right approach and understanding of the various controls in play, gaining full control can often be a safe assumption in many instances following initial foothold.

This course therefore will equip those likely to find themselves with an initial foothold with the skills to practically exploit a given privilege escalation vector on the Linux system. Attendees will be presented with various scenarios and methods by which full control can be achieved, supported by a virtualised set of challenges to practice and hone their techniques.

We will be focusing on privilege escalation in Linux, looking at both the basic scenarios and some more complex instances, as well as escaping restricted shells and execution environments.

Alongside a core methodology and exposure to various privilege escalation scenarios, attendees will also take away an execution environment which can be used to further hone their privilege escalation skills, and be tuned to increase the difficulty of exploitation by enabling controls commonly found in the wild and within hardened environments.

Specifically, the following topics will be covered:

Day One:
* The Linux privilege model, and the importance of root
* Basic Linux privilege escalation

Day Two:
* Escaping and bypassing restricted ironments
* Complex Linux escalation

Secure your place now!