Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?


Failed to load latest commit information.

Windows / Linux Local Privilege Escalation Workshop

My give back to the community initiative that was presented for free at several private and public events across Australia:

  • Sydney - PlatypusCon (2017)
  • Perth - BsidesPerth (2017)
  • Brisbane - CrikeyCon (2018)

The workshop is based on the attack tree below, which covers all known (at the time) attack vectors of local user privilege escalation on both Linux and Windows operating systems.


Setup Instructions for Windows

  1. Start a Windows VM that you legitimately own
  2. Login to the Windows VM using a user account that has administrator privileges
  3. Ensure the Windows VM does not have a user account named 'user'. If it exists, delete it
  4. Copy the setup script (lpe_windows_setup.bat) to a writeable location on a Windows VM (the Desktop directory is fine)
  5. Right click on the copied setup file and ensure to select from the pop-up menu 'run as Administrator'
  6. Read carefully the output of the script
  7. Restart the Windows VM
  8. Copy the Tools 7z archive to the Desktop and extract it
  9. Setup is now complete, enjoy

The script was developed and tested on a Windows 7 (SP1) x64 Build 7601 English-US host. It might work on other OS instances, but it is not guaranteed. Pay attention to the script's output. Some exercises are skipped (e.g. Kernel, etc.) as it depends on the patchlevel of the VM.

NOTE: As with any intentionally vulnerable hosts, ensure the Windows VM is not connected to an externally facing network.


Windows / Linux Local Privilege Escalation Workshop







No releases published


No packages published