© Morey J. Haber and Brad Hibbert 2018
Morey J. Haber and Brad HibbertPrivileged Attack Vectorshttps://doi.org/10.1007/978-1-4842-3048-0_5

5. Privilege Escalation

Morey J. Haber and Brad Hibbert2
Heathrow, Florida, USA
Carp, Ontario, Canada
Once we have established an authenticated session of any type, whether the session is legitimate or hacked via any of the attacks previously discussed, a threat actor’s goal is to elevate privileges and extract data (outside of ransomware and causing business disruptions). See Figure 5-1. A standard user typically does not have rights to a database, sensitive files, or anything of value in mass. So how does a threat actor navigate an environment and gain administrator or root privileges to exploit them ...

Get Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.