On This Page

Tactical Exploitation: Attacking Unix

Attack Research, LLC | August 4-5


Tactical Exploitation: Attacking Unix is Attack Research's unique approach to compromising UNIX environments without relying on traditional exploits. In this two-day course, students will become proficient in the skills necessary to compromise UNIX environments using the same methods as real-world attackers rather than compliance-based penetration testing techniques. Skills to be covered include: host recon, network recon, and credential hijacking, and students will learn how to take advantage of configuration and design flaws.
This course focuses primarily on Linux, Solaris, and FreeBSD/OS X. SSH, Kerberos, kernel modules, file sharing, privilege escalation, home directories, and logging all will be covered in depth. Once finished with this course, students will have a foundation on how attacks on UNIX actually happen and how to secure against them from the post-exploitation stage.
Like all classes offered by Attack Research, Tactical Exploitation: Attacking UNIX is very hands on and uses a virtual enterprise network environment for students to practice the techniques they learn from the course lecture. Exercises are then demonstrated so each student gets a deep understanding. For more advanced students, there are additional challenges within the environment for them to discover.
Course Outline:
  • Introductory Concepts and Thinking Like an Attacker
  • Host Recon
  • Leveraging Trusts & Lateral Movement
  • Kerberos Inherent Weaknesses
  • SSH Abuse
  • LD_PRELOAD Tricks
  • PAM Trojaning
  • X11 Attacks

We believe that attacking networks requires proficiency in all platforms, so please also consider attending our Tactical Exploitation: Attacking Windows class.

Who Should Take this Course

  • Penetration Testers
  • Detection and Response Staff
  • System Administrators
  • Developers

Student Requirements

Students must have:
  • A concept of scripting languages such as Python/Perl/Ruby/Bash.
  • A familiarity with UNIX system administration and networking concepts
  • Their own machines. Student machines can be of any platform but must include SSH, a web browser, and PDF Viewer. Students must also have sufficient administrative access and understanding of configuring network settings in order to make configuration changes as necessary.

What Students Should Bring

See Student Requirements.

What Students Will Be Provided With

Students leave the class with full documentation and the entire custom and non-custom toolsets. Students will also take away the custom tools that they design and build in the class. Students walk away from AR training sessions not only with the "usual" training materials, but with a wealth of knowledge for both attacking and defending networks.

AR employs a very hands-on approach to teaching by having the students spend approximately 50% of class time performing practical exercises in a lab environment designed to simulate real-world enterprise networks. This type of class structure has been a proven success in retention of skills learned as well as student engagement. Our unique lab environments are replicas of the types of production networks that students will encounter in the real world.


Alex has been a Security Researcher, Pen Tester, and Developer for Attack Research, LLC for over 5 years. He has over 20 years of experience in private sector development and security research. Attack Research is a boutique computer security consulting firm which is devoted to a deep understanding of the mechanics of computer attacks. Industry specialties range from embedded systems, avionics, and automotive to government, financial, and Fortune 500 enterprise environments.