Pentest Linux Intermediate - 5 days


Linux is a very widely used operating system, especially for servers but also for office workstations and embedded systems, such as network equipment. Managing a Linux infrastructure relies on administration mechanisms and methods that are essential for attackers to understand.

Throughout these five days of training, participants will work through four course modules detailing the methodology of an intrusion, from anonymous access to the compromise of the infrastructure, with particular attention to limiting the footprint. An additional module is dedicated to hardened systems (AppArmor, SELinux). These concepts will be applied throughout the week on two complex corporate networks, derived from intrusions actually carried out by our experts.

  • 5 days (35 hours)

  • 4 course modules following realistic intrusion steps + 1 module on hardened systems

  • 2 corporate environments with more than 30 machines

Audience and prerequisites

This training is suitable for people with some knowledge of offensive security but no prior experience of intrusion into corporate Linux environments. It is aimed primarily at pentesters, system administrators and security architects, but also at any technical profile wishing to add a security component to their professional career.

  • Pentesters

  • System administrators

  • Security architects

Basic knowledge of offensive security and good network and Unix knowledge are recommended.


Day 1

Fundamental concepts: identity and access management, security mechanisms (extended ACLs, standard and extended attributes, capabilities), containerization (namespaces, cgroups, seccomp, Docker and LXC/LXD implementations), administration methods. Reconnaissance and exploitation techniques from anonymous access: network mapping, name resolution protocols (mDNS/DNS), interception (ARP spoofing).

Day 2

Discovery from non-privileged access: system and network enumeration (services, sessions, configurations, LDAP, NFS/Samba shares), containerization detection. Local privilege escalation: advanced sudo configurations, scheduled tasks, capabilities, kernel exploitation (analysis of public vulnerabilities, adaptation of exploit code, implementation of protections).

Day 3

Post-exploitation steps: extraction of secrets from disks, memory dissection and abuse of caching components (SSH/GPG agents, D-Bus Secret Service API), authentication poisoning (OpenSSH, PAM, sudo), lateral movement (network pivoting, SOCKS proxy, port forwarding).

Day 4

Deep compromise: installation of advanced persistence mechanisms (userland and kernel rootkits), system footprint management (introduction to anti-forensics).

Day 5

Compromising hardened systems: implementing and configuring the AppArmor and SELinux LSMs, analyzing and circumventing hardening.