Privilege Escalation
The previous chapters have explained the process of performing an attack to a point where the attacker can compromise a system. The previous chapter, Chapter 8, Lateral Movement, discussed how an attacker can move around in the compromised system without being identified or raising any alarms. A general trend was observable, where legitimate tools were being used to avoid alerts. A similar trend may also be observed in this phase of the attack life cycle.
In this chapter, close attention will be paid to how attackers escalate the privileges of the user accounts that they have compromised. The aim of an attacker at this stage is to have the required level of privileges to achieve a greater objective. It could be mass deletion, corruption or theft of data, disabling of computers, destroying hardware, and so many other things. An attacker requires control over access systems so that they can succeed with all of their plans. Mostly, attackers seek to acquire admin...