
Module 4: Intrusion on Linux systems

  • School / Prep

    ENSEIRB-MATMECA

Internal code

EC9IT314

Objectives

The aim of this module is to carry out intrusions on Linux-type infrastructures through the exploitation of several vulnerabilities. This module includes practical and realistic use cases for discreet intrusions through system exploitation and elevation of privileges. During this module, the methodology and techniques used will be explained in detail.


Teaching hours

  • CI (Integrated Courses): 24h

Syllabus

  • How a Linux environment works (intrusion sequence, administration mechanisms, operation, authentication, account hierarchy, security mechanisms)
  • Anonymous intrusion (reconnaissance and mapping methodology, exploitation, application vulnerabilities, network interception, case of physical access to a workstation)
  • Intrusion in authenticated mode (local reconnaissance on a system, elevation of privileges, replay of authentication information, exploitation of configurations: sudo, scheduled tasks, permissions, etc., exploitation of public vulnerabilities, bypassing software restrictions: sandboxing, Linux Security Module, persistence, system footprint management)
  • Exploitation of local administrator rights (manipulation of local resources, extraction of authentication secrets, dissection of Linux memory, exploitation of live system elements, deep compromise, poisoning of system services, poisoning of binaries, implementation of advanced persistence mechanisms: user rootkits, kernel rootkits, backdoors, system footprint management, rebound methodology)

Target skills

  • This module is part of the Activity A2 skills block: Technical security auditing

    Task 1 (A2T1): Carry out technical security audits, including penetration tests, to assess the security of Web applications, operating systems (Linux, Windows) and network protocols.

    - A2T1C1: Identify, analyze and document vulnerabilities in applications, systems and networks using specific tools.

    - A2T1C2: Perform penetration tests in a variety of environments (Web, Linux, Windows), in compliance with current standards and regulations.

    - A2T1C3: Summarize the results of audits and penetration tests in a clear, detailed report, including recommendations for improving cybersecurity.

     

    Task 2 (A2T2): Participate in the implementation and follow-up of corrective measures identified during technical security audits.

    - A2T2C1: Prioritize vulnerabilities and propose appropriate solutions in collaboration with technical teams.

    - A2T2C2: Supervise the deployment of patches and ensure that systems comply with security standards.

    - A2T2C3: Validate the effectiveness of corrective measures implemented and communicate results to stakeholders.

    Task 3 (A2T3): Design and test simulated attack scenarios to assess system resilience under realistic conditions.

    - A2T3C1: Develop realistic simulation scenarios based on attackers' tactics, techniques and procedures (TTPs).

    - A2T3C2: Simulate attacks in a variety of environments and assess the defense capability of the digital infrastructure.

    - A2T3C3: Document simulation results and provide strategic recommendations to improve system resilience.

     

    Task 4 (A2T4): Develop and run cybersecurity training programs

    - A2T4C1: Design teaching aids adapted to different audiences (end-users, technical teams, managers).

    - A2T4C2: Run awareness-raising sessions and train employees.

    - A2T4C3: Update training content by monitoring emerging threats.


Assessment of knowledge

Initial assessment / Main session - Tests

Type of assessment | Type of test | Duration (in minutes) | Number of tests | Test coefficient | Eliminatory mark in the test | Remarks
Continuous control | Continuous control | 1

Second chance / Catch-up session - Tests

Type of assessment | Type of test | Duration (in minutes) | Number of tests | Test coefficient | Eliminatory mark in the test | Remarks
Final test | Oral | 30 | 1 | without document