Introduction

Privilege escalation is a critical concern in Linux system security. One common avenue for privilege escalation is an exploitable binary. In this blog post, we will explore how to use the getcap command in Linux to identify binaries that possess dangerous capabilities and therefore offer potential opportunities for privesc.

What is getcap?

The getcap command retrieves the file capabilities of binaries on Linux systems. File capabilities are a security feature that grants a binary specific permissions to perform certain privileged operations without requiring full root privileges.
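As an added illustration (not code from the original post), the shell function below reads `getcap -r` output and reports binaries holding capabilities from a review list. The `RISKY` list, the function names and the sample lines are assumptions constructed for this example; it assumes one capability clause per line and accepts both the older `path = caps+ep` and the newer `path caps=ep` output layouts.

```shell
#!/bin/sh
# Added example: audit `getcap -r` output for high-risk file capabilities.
# RISKY is an assumed review list chosen for this example, not from the post.
RISKY='cap_setuid cap_setgid cap_sys_admin cap_sys_module cap_sys_ptrace
cap_dac_override cap_dac_read_search cap_chown cap_fowner cap_setfcap'

# Constructed sample output mixing the old and new getcap layouts.
sample_getcap() {
cat <<'EOF'
/usr/bin/ping cap_net_raw=ep
/usr/bin/python3.11 cap_setuid=ep
/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip
/opt/tools/backup = cap_dac_read_search+ep
/usr/bin/gdb cap_sys_ptrace,cap_net_raw=eip
EOF
}

# audit_caps: read getcap lines on stdin and print "path<TAB>flagged,caps"
# for every file holding at least one capability from RISKY.
audit_caps() {
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    caps=${line##* }        # last field is the capability clause
    path=${line% *}         # everything before it (paths may contain spaces)
    path=${path% =}         # drop the " =" separator of the old layout
    names=${caps%%[=+-]*}   # strip the flag suffix such as =ep or +eip
    hits=''
    # A clause with no names (e.g. "=ep") grants every capability.
    [ -z "$names" ] && hits='ALL'
    for c in $(printf '%s' "$names" | tr ',' ' '); do
      case " $(echo $RISKY) " in
        *" $c "*) hits="${hits:+$hits,}$c" ;;
      esac
    done
    [ -n "$hits" ] && printf '%s\t%s\n' "$path" "$hits"
  done
  return 0
}

# On a live system: getcap -r / 2>/dev/null | audit_caps
sample_getcap | audit_caps
```

Anything the function reports should be checked against the package that installed it; a capability on an interpreter or a locally built tool deserves removal with `setcap -r <path>` unless there is a documented need.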