Professionally Evil Blog

A blog by experts of penetration testing and other security assessments.
Privilege Escalation via File Descriptors in Privileged Binaries
Today I wanted to cover an application security topic that applies to SetUID binaries. As we all know, making a mistake in a SetUID binary will lead to privilege escalation. Today’s topic is about SetUID binaries that drop privileges, but leave a file they opened, well, opened. This creates ...