ExploitationCritical

Privilege Escalation

Privilege escalation transforms a small breach into full compromise. Hardening identity, permissions, and host configurations sharply reduces blast radius.

Back to Techniques Test Your Skills

How Attackers Use It

Attack Summary

After gaining low-privileged access, attackers exploit misconfigurations (SUID binaries, weak sudo rules, writable cron jobs) or kernel vulnerabilities to gain root or SYSTEM.

Initial access is obtained with low-privileged account rights.
Host misconfigurations and local vulnerabilities are enumerated.
Privilege boundary is bypassed to root, admin, or SYSTEM.
Elevated access enables credential dumping and lateral movement.

Defensive Strategy

Defense Summary

Principle of least privilege. Regular patching. Audit SUID/SGID binaries. Restrict sudo. Monitor for unexpected privilege changes with EDR tooling.

Continuously audit privileged groups and sudoers configurations.
Patch operating systems and kernel-level vulnerabilities rapidly.
Block writable paths in high-trust execution contexts.
Alert on unusual privilege change and token manipulation events.

Detection Signals

Unexpected sudo activity and privilege token modifications.
Execution of known escalation binaries or scripts.
Suspicious changes to scheduled tasks, services, or startup entries.

Internal Resources

Keywords

Privilege EscalationPrivilege Escalation DetectionPrivilege Escalation PreventionCritical SeverityExploitation SecurityAttack and DefenseThreat DetectionSecurity Hardening

External References

Authoritative references for deeper learning and validation.

Related Techniques

Explore additional techniques with similar risk level.

SQL Injection Server-Side Request Forgery (SSRF)Broken Access Control