Privilege Escalation
Privilege escalation is the act of exploiting a vulnerability, misconfiguration, or design flaw to gain elevated access rights beyond what was originally authorized for a user or process.
Privilege escalation is categorized into two types: vertical and horizontal. Vertical privilege escalation occurs when an attacker gains higher-level permissions, such as moving from a standard user account to an administrator or root account. Horizontal privilege escalation involves accessing resources or capabilities of another user at the same privilege level.
Common techniques for privilege escalation include exploiting unpatched kernel vulnerabilities, abusing misconfigured SUID/SGID binaries on Linux, abusing Windows token impersonation, DLL hijacking, exploiting weak service permissions, and leveraging misconfigured sudo rules. In Active Directory environments, attackers often target Group Policy misconfigurations and use Kerberoasting to escalate privileges.
To mitigate privilege escalation risks, organizations should enforce the principle of least privilege, regularly patch operating systems and applications, audit file and service permissions, restrict administrative access, and implement robust monitoring. Endpoint detection and response (EDR) solutions and regular penetration testing help identify escalation paths before attackers can exploit them.
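The permission audit recommended above can be automated for one of the escalation paths named earlier, misconfigured SUID/SGID binaries. The script below is an added example, not code from the original page: it walks a filesystem tree, reports any SUID/SGID file whose name is not on an expected allowlist, and separately reports any SUID/SGID file that is world-writable (a privileged program that any local user could overwrite). The allowlist is a constructed, illustrative baseline; the function names are this example's own. It assumes POSIX sh and find.

```shell
#!/bin/sh
# Added defender-side example (not from the original page): audit a filesystem
# tree for SUID/SGID binaries that are unexpected or world-writable. The goal
# is to surface drift from a known baseline, since such files are a classic
# local privilege escalation path. Assumes POSIX sh and find.

# Constructed, illustrative allowlist of SUID/SGID program names normally
# present on a Linux host. Tune it to the baseline of your own systems.
ALLOWLIST="passwd sudo su mount umount newgrp chsh chfn gpasswd"

# in_allowlist NAME: succeed if NAME is one of the expected binaries.
in_allowlist() {
    for ok in $ALLOWLIST; do
        [ "$1" = "$ok" ] && return 0
    done
    return 1
}

# audit_setuid ROOT: print one "KIND<TAB>PATH" line per finding under ROOT.
#   UNEXPECTED  a SUID/SGID file whose name is not on the allowlist
#   WRITABLE    a SUID/SGID file that any user can modify (worst case: the
#               privileged program can be replaced outright)
# Returns 0 when there are no findings, 1 otherwise, so it can gate a cron job.
audit_setuid() {
    root=$1
    findings=$(
        # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit.
        find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        sort |
        while IFS= read -r path; do
            in_allowlist "${path##*/}" || printf 'UNEXPECTED\t%s\n' "$path"
        done
        # Second pass: privileged files with the world-writable bit (0002) set.
        find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -perm -0002 \
            2>/dev/null | sort |
        while IFS= read -r path; do
            printf 'WRITABLE\t%s\n' "$path"
        done
    )
    [ -n "$findings" ] && printf '%s\n' "$findings"
    [ -z "$findings" ]
}

# Stand-alone use:  sh audit_setuid.sh /
# Run as root for full coverage; unreadable directories are silently skipped.
if [ -n "${1:-}" ]; then
    audit_setuid "$1"
fi
```

Treat the allowlist as a per-build baseline rather than a universal truth: the useful signal is a SUID/SGID file that was not there when the image was built, or whose permissions have loosened since. The same pattern (enumerate, compare against a baseline, fail the job on drift) carries over to the other paths the page names, such as sudo rules and service binary permissions.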