Dashboard
Account 🔐
Sign Up
Login
Global Leaderboard
Game Vault
Badge Backpack
Blue Team Glossary
Login and start playing
Leaving so soon?
×
You really want to log out? We were having so much fun!
Home
›
Glossary
›
Tactics & Techniques
›
privilege_escalation
Privilege_escalation
Tactics & Techniques
Definition
Privilege escalation is a technique where an attacker gains higher levels of access or permissions than they are initially authorized to have. It typically occurs after initial access has been obtained—such as through compromised credentials or phishing—and allows the attacker to move from a low-privileged account to more powerful roles, such as administrator or root. There are two main types of privilege escalation: * **Vertical privilege escalation** – gaining higher-level permissions (e.g., user to administrator) * **Horizontal privilege escalation** – accessing another user’s account with similar permission levels Privilege escalation often exploits misconfigurations, software vulnerabilities, weak access controls, or improper permission assignments. Once elevated, attackers can bypass restrictions, disable security controls, and gain deeper control over systems.
Explore More Terms
Timeline
Ip-Address
Command-And-Control
Malware
Sysmon-Event-Codes-Ids
Examples & Use Cases
Common privilege escalation scenarios include: * Exploiting a vulnerable service to gain system or root-level access * Abusing misconfigured file or folder permissions to access restricted data * Extracting credentials from memory (e.g., password hashes, tokens) and reusing them * Leveraging overly permissive roles in identity systems (such as excessive admin rights) * Using tools or techniques like pass-the-hash or token impersonation **Real-World Impact** Successful privilege escalation can significantly worsen a security incident: * Full administrative control over systems or domains * Ability to disable logging, endpoint protection, or other security tools * Access to sensitive data, including credentials, financial data, or intellectual property * Lateral movement across systems and environments * Deployment of ransomware or persistence mechanisms that are difficult to remove In many real-world breaches, attackers start with limited access and rely on privilege escalation to expand their control and achieve their objectives. **Detection & Mitigation** Indicators of privilege escalation may include unusual account behavior, unexpected privilege changes, execution of administrative tools by non-admin users, or access to sensitive resources outside normal patterns. Mitigation strategies include: * Enforcing the principle of least privilege * Regularly auditing user roles and permissions * Patching known vulnerabilities promptly * Monitoring for suspicious privilege changes or token usage * Using privileged access management (PAM) solutions * Segmenting systems and restricting administrative access Limiting privileges and closely monitoring their use reduces both the likelihood and impact of escalation, making it harder for attackers to gain full control of an environment. --- ## Further Reading * [MITRE ATT&CK - Privilege Escalation](https://attack.mitre.org/tactics/TA0004/) * [Crowdstrike - What is Privilege Escalation?](https://www.crowdstrike.com/en-us/cybersecurity-101/cyberattacks/privilege-escalation/)
.png)
