Privilege Escalation

  • Morey J. Haber


Once we have established an authenticated session of any type, whether the session is legitimate or hacked via any of the attacks previously discussed, a threat actor’s typical goal is to elevate privileges and extract data. Figure 6-1 illustrates this based on the models we have been discussing. A standard user typically does not have rights to a database, sensitive files, or anything of value en masse. So, how does a threat actor navigate an environment and gain administrator or root privileges to exploit them as an attack vector? There are five primary methods:

Copyright information

© Morey J. Haber 2020

Authors and Affiliations

  • Morey J. Haber
    • 1
  1. 1.HeathrowUSA

Personalised recommendations