SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsWhile remote compromises are preferred by attackers and most feared by defenders, local privilege escalation can be equally as dangerous and even harder to uncover. A buffer overflow in the passwd program used in Sun Microsystems' Solaris 8 and Solaris 9 Operating Environments can be silently exploited by a valid local user to gain root privileges. The raptor_passwd.c exploit of this vulnerability is investigated in detail. A scenario is described in which the exploit is used as an integral part of an attack. The handling of the incident by information security personnel is demonstrated.