From e1f7939f2bf04e62a473d64f9d3b5b73b9936b90 Mon Sep 17 00:00:00 2001
From: CPol <carlospolop@gmail.com>
Date: Sun, 10 Oct 2021 23:22:13 +0000
Subject: [PATCH] GitBook: No commit message

---
 linux-unix/privilege-escalation/apparmor.md           | 2 +-
 linux-unix/privilege-escalation/linux-capabilities.md | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/linux-unix/privilege-escalation/apparmor.md b/linux-unix/privilege-escalation/apparmor.md
index 0a0b4cc219c..68844c75111 100644
--- a/linux-unix/privilege-escalation/apparmor.md
+++ b/linux-unix/privilege-escalation/apparmor.md
@@ -224,7 +224,7 @@ Note that you can **add/remove** **capabilities** to the docker container (this
 
 * `--cap-add=SYS_ADMIN`_ _give_ _`SYS_ADMIN` cap
 * `--cap-add=ALL`_ _give_ _all caps
-* `--cap-drop=ALL --cap-add=SYS_PTRACE` drop all caps and only give 
+* `--cap-drop=ALL --cap-add=SYS_PTRACE` drop all caps and only give `SYS_PTRACE`
 
 {% hint style="info" %}
 Usually, when you **find** that you have a **privileged capability** available **inside** a **docker** container **but** some part of the **exploit isn't working**, this will be because docker **apparmor will be preventing it**.
diff --git a/linux-unix/privilege-escalation/linux-capabilities.md b/linux-unix/privilege-escalation/linux-capabilities.md
index 1564dd676b9..d5386a0980f 100644
--- a/linux-unix/privilege-escalation/linux-capabilities.md
+++ b/linux-unix/privilege-escalation/linux-capabilities.md
@@ -322,7 +322,9 @@ User=bob
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 ```
 
-## Malicious Use
+##
+
+## CapabilitMalicious Use
 
 Capabilities are useful when you **want to restrict your own processes after performing privileged operations** (e.g. after setting up chroot and binding to a socket). However, they can be exploited by passing them malicious commands or arguments which are then run as root.