← LibraryTechnique entry
K-CAP-SYSADMINPrivilege Escalation
CAP_SYS_ADMIN Escape
Linux capability lets the process call mount(); chain with /proc/sys/kernel/core_pattern to RCE on host.
§ Where this technique fits
K-CAP-SYSADMIN is catalogued under the Privilege Escalation tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.