Privilege Escalation
Exploiting vulnerabilities or misconfigurations to gain access beyond what was originally authorized.
Also known as: Privilege Elevation, Vertical/Horizontal Escalation
Category: Concepts
Tags: security, attacks, access-control, vulnerabilities, exploitation
Explanation
Privilege escalation is a class of attacks in which an adversary gains access to resources that should be protected from them. It is a critical phase in many intrusions: an attacker who has gained an initial foothold, typically as an unprivileged user or service account, uses it to expand control and reach sensitive systems or data.
There are two primary types. Vertical escalation raises privileges to a higher level, such as from a regular user to administrator, root, or SYSTEM. Horizontal escalation accesses the resources of other users at the same privilege level, for example another customer's account in a web application. Both pose significant risk, and real attacks commonly chain them: a horizontal move yields credentials or data that make a later vertical move possible.
Common privilege escalation techniques include: exploiting software vulnerabilities (buffer overflows, use-after-free bugs), misconfigurations (weak file permissions, overly permissive sudo rules), credential theft (password reuse, cached credentials), token manipulation (access token impersonation), DLL hijacking, unquoted service paths, kernel exploits, and abusing legitimate administrative tools (Living off the Land).
In Windows environments, attackers target weak permissions on services, service binaries, scheduled tasks, and registry keys. On Linux/Unix they abuse SUID binaries, cron jobs that run writable scripts, overly permissive sudo rules, and kernel vulnerabilities. Cloud environments add vectors of their own: overly broad IAM roles and policies, and abuse of the instance metadata service to obtain the credentials attached to a compute instance.
Notable examples include EternalBlue (MS17-010), an SMBv1 exploit whose payload runs as SYSTEM without any separate escalation step, and the local privilege escalation CVEs that operating system vendors patch every month.
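The Linux checks named above (unexpected SUID binaries, world-writable cron jobs, and dangerous sudo rules) are the first things a practitioner enumerates on a host. The script below is an added example, not code from the original page: it builds a constructed filesystem tree with one finding of each kind and runs the three checks against it. The SUID allowlist, the file names, and the sudoers contents are assumptions made up for the demonstration.

```shell
#!/bin/sh
# Added example: enumerate three classic Linux privilege-escalation misconfigurations
# against a constructed tree. Nothing here is taken from a real host.

# Assumed allowlist of SUID binaries we expect to find; anything else is reported.
SUID_ALLOWLIST="su sudo passwd"

# Build the fixture: one expected SUID binary (passwd), one unexpected one
# (backup-helper), one world-writable cron file, one sane cron file, and a
# sudoers file with one unrestricted rule and one rule that grants an editor.
make_fixture() {
  root=$(mktemp -d)
  mkdir -p "$root/usr/bin" "$root/etc/cron.d"
  for f in passwd backup-helper; do
    printf '#!/bin/sh\n' > "$root/usr/bin/$f"
    chmod 4755 "$root/usr/bin/$f"          # rwsr-xr-x: executes as the file owner
  done
  printf '#!/bin/sh\n' > "$root/usr/bin/ls"
  chmod 755 "$root/usr/bin/ls"
  printf '* * * * * root /usr/bin/backup-helper\n' > "$root/etc/cron.d/backup"
  chmod 666 "$root/etc/cron.d/backup"       # world-writable: anyone can change what root runs
  printf '0 3 * * * root /usr/bin/ls\n' > "$root/etc/cron.d/nightly"
  chmod 644 "$root/etc/cron.d/nightly"
  cat > "$root/etc/sudoers" <<'EOF'
root    ALL=(ALL:ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
bob     ALL=(root) /usr/bin/vim
carol   ALL=(root) /usr/sbin/service nginx restart
EOF
  printf '%s\n' "$root"
}

# SUID files whose basename is not on the allowlist.
find_unexpected_suid() {
  find "$1" -type f -perm -4000 2>/dev/null | while read -r path; do
    name=$(basename "$path")
    case " $SUID_ALLOWLIST " in
      *" $name "*) ;;                       # expected, skip
      *) printf '%s\n' "$path" ;;
    esac
  done
}

# Cron definitions that any local user can edit (other-writable bit set).
find_writable_cron() {
  find "$1/etc/cron.d" -type f -perm -002 2>/dev/null
}

# sudoers rules that are one step from a root shell: NOPASSWD for everything,
# or a permitted command that can itself spawn a shell (editors, pagers, awk ...).
find_risky_sudo() {
  grep -v '^#' "$1/etc/sudoers" | grep -v '^root' | awk '
    /NOPASSWD: *ALL/ { print "unrestricted: " $0; next }
    /\/(bash|sh|vim?|nano|less|more|awk|perl|python[0-9.]*)( |$)/ { print "shell-capable: " $0 }'
}

# Usage: run all three checks against the constructed tree and print the findings.
ROOT=$(make_fixture)
echo "Unexpected SUID binaries:";   find_unexpected_suid "$ROOT"
echo "World-writable cron files:";  find_writable_cron "$ROOT"
echo "Risky sudo rules:";           find_risky_sudo "$ROOT"
rm -rf "$ROOT"
```

On a real host the same three functions would be pointed at `/` instead of the fixture; the allowlist is the part that needs tuning per distribution, since every distribution ships a different set of legitimate SUID binaries.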
Defenses include: applying the principle of least privilege, regular patching, removing unnecessary admin rights, using privileged access management (PAM) solutions, monitoring for privilege escalation indicators such as sudo or su invocations that yield a root shell and repeated failed attempts, hardening system configurations, and employing endpoint detection and response (EDR) tools that detect escalation attempts.
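To make the monitoring item concrete, here is an added example (not from the original page) that scans sudo and su syslog lines for three escalation indicators: failed attempts, sudo runs that yield a shell directly or through a program that can spawn one, and direct su to root. The log lines are constructed for the demonstration and follow the format sudo and su write to auth.log; the hostnames, users, and timestamps are invented.

```shell
#!/bin/sh
# Added example: flag privilege-escalation indicators in sudo/su log lines.
# SAMPLE_LOG is constructed; it mimics the default sudo and su syslog format.
SAMPLE_LOG='Jan 10 12:00:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Jan 10 12:00:09 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jan 10 12:01:30 web01 sudo:     dave : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/sh
Jan 10 12:02:00 web01 su: (to root) carol on pts/2
Jan 10 12:02:14 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/find / -exec /bin/sh \;
Jan 10 12:03:00 web01 sudo:     erin : 3 incorrect password attempts ; TTY=pts/4 ; PWD=/home/erin ; USER=root ; COMMAND=/usr/bin/id'

# Read log lines from the given files (or stdin) and print one tagged line per hit.
detect_escalation() {
  awk '
    # Failed attempts: caller is not in sudoers, or gave up on the password.
    /sudo:.*(user NOT in sudoers|incorrect password attempts)/ { print "FAILED   " $0; next }
    # sudo runs that give an interactive root shell outright, or via a program
    # that can spawn one (find -exec, editors, pagers, scripting interpreters).
    /sudo:.*COMMAND=(\/bin\/|\/usr\/bin\/)?(ba)?sh( |$)/ ||
    /sudo:.*COMMAND=.*-exec [^;]*\/(ba)?sh/ ||
    /sudo:.*COMMAND=\/usr\/bin\/(vim?|nano|less|more|awk|perl|python[0-9.]*)( |$)/ { print "SHELL    " $0; next }
    # Direct su to root.
    /su: \(to root\)/ { print "SU-ROOT  " $0 }
  ' "$@"
}

# Usage: scan the constructed sample; a benign "apt update" produces no line.
printf '%s\n' "$SAMPLE_LOG" | detect_escalation
```

In production the same function runs over `/var/log/auth.log` or `journalctl -t sudo -t su --no-pager` output; the list of shell-capable programs is the part to extend, since any binary that can execute a command from inside a sudo session belongs on it.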