Pentesting Linux systems


Intrusion in Linux environments is a complete course for Linux infrastructures pentesting. It is a realistic training including practical use cases of low-profile intrusions in corporate environments, through system exploitation and privilege escalation. Over the 4 modules, students will learn the methodology and techniques used by our experts during an intrusion, starting from anonymous access to the most privileged ones on the information system. The training includes 2 complete corporate-like environments for the students to apply these skills.


Technologies: Docker, LXC, SELinux, AppArmor, LDAP, ...


Intrusion in Linux environments is an advanced training designed for security teams, system administrators and developers.


5 days / 11 hours of theory / 24 hours of practice.


  • Operation of a Linux environment


    Reminder of general information on Linux systems and associated services. Introduction of intrusion concepts specific to this type of environment.


    • Intrusion process

    • Linux's administration mechanisms

    • Operation of a Linux environment

    • Authentication

    • Accounts hierarchy

    • Safety mechanisms


  • Intrusion in anonymous mode


    Reconnaissance and intrusion techniques when no prior access is acquired.


    • Reconnaissance and network mapping methodology

    • Exploitation

      • Application vulnerabilities

      • Network interceptions

      • Case of physical access to a workstation


  • Intrusion in authenticated mode


    Reconnaissance and intrusion techniques after obtaining a more or less privileged user account


    • Local reconnaissance on a system

    • Privilege escalation

      • Replay of authentication information

      • Exploitation of configurations (sudo, scheduled tasks, permissions, etc)

      • Exploitation of public vulnerabilities

    • Bypassing software restrictions

      • Sandboxing

      • Linux Security Module (AppArmor, SELinux)

    • User-level persistence techniques

    • Managing footprint on the system


  • Exploitation of local administrator rights


    Reconnaissance and intrusion techniques from local administrator access on a system.


    • Manipulation of local resources

    • Extraction of authentication secrets

      • Dissecting Linux memory

      • Operation of live system elements (DBUS Secret Service API)

    • In-depth compromise

      • Poisoning of system services

      • Binaries poisoning

    • Implementation of advanced persistence mechanisms

      • User rootkits

      • Kernel rootkits

      • Backdoors

    • Managing footprint on the system

    • Network bouncing methodology


  • Exercise in autonomy


    Deployment of a second infrastructure on which a trophy must be obtained after the overall compromise of the environment. Students must independently apply the different methods discussed during the training.