The previous chapters have explained the process of performing an attack to a point where the attacker can compromise a system. The previous chapter, Chapter 8, Lateral Movement, discussed how an attacker can move around in the compromised system without being identified or raising any alarms. A general trend was observable, where legitimate tools were being used to avoid security alerts. A similar trend may also be observed in this phase of the attack life cycle.
In this chapter, close attention will be paid to how attackers heighten the privileges of the user accounts that they have compromised. The aim of an attacker at this stage is to have obtained the required level of privileges in order to achieve a greater objective. ...