Linux systems are integral to the infrastructure of modern computing environments, necessitating robust security measures to prevent unauthorized access. Privilege escalation attacks represent a significant threat, typically allowing attackers to elevate their privileges from an initial low-privilege account to the all-powerful root account. A benchmark set of vulnerable systems is of high importance to evaluate the effectiveness of privilege-escalation techniques performed by both humans and automated tooling. Analyzing their behavior allows defenders to better fortify their entrusted Linux systems and thus protect their infrastructure from potentially devastating attacks. To address this gap, we developed a comprehensive benchmark for Linux privilege escalation. It provides a standardized platform to evaluate and compare the performance of human and synthetic actors, e.g., hacking scripts or automated tooling.

翻译：Linux 系统是现代计算环境基础设施的核心组成部分，因此需要强健的安全措施来防止未授权访问。权限提升攻击构成重大威胁，通常允许攻击者从初始的低权限账户提升权限至最高权限的 root 账户。一套包含脆弱系统的基准测试集对于评估人类和自动化工具所执行的权限提升技术的有效性至关重要。通过分析这些行为，防御者可以更好地加固其受托管的 Linux 系统，从而保护其基础设施免受潜在毁灭性攻击。为填补这一空白，我们开发了一套全面的 Linux 权限提升基准测试。它提供了一个标准化平台，用于评估和比较人类与合成角色（例如，黑客脚本或自动化工具）的性能。