6. Privilege Escalation
Privilege Escalation (TA0004)
Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to exploit system weaknesses, misconfigurations, and vulnerabilities.
Strategy
- Vertical Escalation: Going from User -> Admin (or Root).
- Horizontal Escalation: Going from User A -> User B (who has access to the target).
Key Techniques
- Abuse Elevation Control Mechanism: Bypassing UAC or abusing Sudo.
- Access Token Manipulation: Stealing the identity of a logged-in admin.
- Hijack Execution Flow: Tricking a privileged service into running your code (DLL Hijacking).
Section Contents
- Abuse Elevation Control Mechanism: Bypassing User Account Control (UAC) on Windows and abusing Sudo/Setuid on Linux.
- Access Token Manipulation: Stealing, forging, and manipulating Windows Access Tokens to gain privilege.
- Escape to Host: Breaking out of a container to gain access to the underlying host or cluster.
- Hijack Execution Flow: Intercepting the execution flow of legitimate programs to run malicious code.