Privilege Escalation

Definition

Privilege escalation is an attack technique where an attacker elevates their access rights from limited permissions to administrator rights (root/admin). It is a crucial step in virtually every advanced cyberattack, making the difference between limited access and full system control. According to MITRE ATT&CK, privilege escalation is one of the 14 core tactics used by attackers.

How does privilege escalation work?

After gaining initial access with limited rights, the attacker attempts to obtain higher privileges to cause more damage or penetrate deeper into the network. This is achieved by exploiting OS or application vulnerabilities, abusing misconfigured permissions, stealing credentials from higher-privileged accounts or exploiting trust relationships between systems.

Types of privilege escalation

Vertical escalation elevates rights from a regular user to administrator or root. Horizontal escalation takes over other accounts at the same privilege level, gaining access to their data and rights rather than higher ones. Common techniques include kernel vulnerability exploitation and SUID binaries (Linux), misconfigured sudo rights, DLL hijacking and service path manipulation (Windows), credential dumping with tools like Mimikatz, token manipulation and impersonation, and Active Directory misconfigurations.

Impact on organisations

Privilege escalation enables attackers to gain full system control, bypass security mechanisms, exfiltrate data and deploy ransomware. Successful escalation to domain administrator gives the attacker control over the entire Active Directory and every system joined to it. NIS2 requires adequate access control and application of the least privilege principle.

Protection

Strictly apply least privilege. Implement PAM for all admin accounts. Keep systems updated to eliminate exploitable vulnerabilities. Monitor privilege changes via SIEM and EDR. Conduct regular audits of admin rights and group memberships. Restrict tools like PowerShell via application whitelisting.
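As an added illustration of the monitoring step above (example code written for this page, not a DEFION tool), the script below applies a few simple detection rules to Linux auth.log lines: a sudo attempt by a user who is not in the sudoers file, sudo use by a user outside an approved administrator list, a user being added to a privileged group, and su to root. The log lines are constructed samples in the usual syslog format of sudo, su and usermod; the approved-admin set and the privileged-group list are assumptions you would replace with your own.

```python
import re
from dataclasses import dataclass

# Constructed sample auth.log lines (not from a real system). The message
# formats follow what sudo, su and usermod write on Debian-style hosts.
SAMPLE_AUTH_LOG = """\
Mar 10 12:01:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar 10 12:02:11 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar 10 12:03:40 web01 usermod[4121]: add 'bob' to group 'sudo'
Mar 10 12:03:40 web01 usermod[4121]: add 'bob' to shadow group 'sudo'
Mar 10 12:04:05 web01 sudo:      bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar 10 12:05:30 web01 su: (to root) carol on pts/3
Mar 10 12:06:00 web01 sshd[4200]: Accepted publickey for alice from 10.0.0.5 port 50022 ssh2
"""

# Assumptions for this example: who is allowed to use sudo, and which groups
# grant administrative rights on the monitored host.
APPROVED_ADMINS = {"alice"}
PRIVILEGED_GROUPS = {"sudo", "wheel", "admin", "root", "docker"}

SUDO_RE = re.compile(r"sudo:\s+(?P<user>\S+) : (?P<body>.*)$")
USERMOD_RE = re.compile(
    r"usermod\[\d+\]: add '(?P<user>[^']+)' to (?:shadow )?group '(?P<group>[^']+)'"
)
SU_RE = re.compile(r"su: \(to (?P<target>\S+)\) (?P<user>\S+) on")
COMMAND_RE = re.compile(r"COMMAND=(?P<cmd>.*)$")


@dataclass(frozen=True)
class Alert:
    rule: str    # which detection rule fired
    user: str    # account that performed or received the privilege change
    detail: str  # command, group or target account involved


def detect_privilege_changes(log_text, approved_admins=APPROVED_ADMINS):
    """Return the list of alerts raised by the sample rules, in log order."""
    alerts = []
    seen = set()  # usermod logs the group and the shadow group separately

    def raise_alert(rule, user, detail):
        alert = Alert(rule, user, detail)
        if alert not in seen:
            seen.add(alert)
            alerts.append(alert)

    for line in log_text.splitlines():
        if m := SUDO_RE.search(line):
            cmd_match = COMMAND_RE.search(m["body"])
            cmd = cmd_match["cmd"] if cmd_match else "<unknown>"
            if "user NOT in sudoers" in m["body"]:
                # A failed sudo attempt is a strong signal of someone probing for rights.
                raise_alert("sudo_denied", m["user"], cmd)
            elif m["user"] not in approved_admins:
                # Successful sudo by an account that should not have it.
                raise_alert("sudo_unexpected_user", m["user"], cmd)
        elif m := USERMOD_RE.search(line):
            if m["group"] in PRIVILEGED_GROUPS:
                raise_alert("privileged_group_add", m["user"], m["group"])
        elif m := SU_RE.search(line):
            if m["target"] == "root":
                raise_alert("su_to_root", m["user"], m["target"])
    return alerts


if __name__ == "__main__":
    for alert in detect_privilege_changes(SAMPLE_AUTH_LOG):
        print(f"{alert.rule:22} user={alert.user:8} detail={alert.detail}")
```

On the sample log the script raises four alerts: bob's denied sudo attempt, bob's addition to the sudo group, bob's subsequent successful sudo to a root shell, and carol's su to root; alice's routine sudo use produces nothing. The same rules map directly onto a SIEM query, with the approved-admin list maintained from the results of the periodic admin-rights audit.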

How DEFION helps

DEFION tests privilege escalation as a core component of internal pentests and red teaming engagements. The team attempts to escalate from limited access to admin rights, validating the effectiveness of access controls.

Related terms

Lateral Movement
APT (Advanced Persistent Threat)
PAM (Privileged Access Management)