© Morey J. Haber and Brad Hibbert 2018
Morey J. Haber and Brad HibbertPrivileged Attack Vectorshttps://doi.org/10.1007/978-1-4842-3048-0_5

5. Privilege Escalation

Morey J. Haber and Brad Hibbert2
(1)
Heathrow, Florida, USA
(2)
Carp, Ontario, Canada
 
Once we have established an authenticated session of any type, whether the session is legitimate or hacked via any of the attacks previously discussed, a threat actor’s goal is to elevate privileges and extract data (outside of ransomware and causing business disruptions). See Figure 5-1. A standard user typically does not have rights to a database, sensitive files, or anything of value in mass. So how does a threat actor navigate an environment and gain administrator or root privileges to exploit them ...

Get Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.