Once we have established an authenticated session of any type, whether the session is legitimate or hacked via any of the attacks previously discussed, a threat actor’s goal is to elevate privileges and extract data (outside of ransomware and causing business disruptions). See Figure
5-1. A standard user typically does not have rights to a database, sensitive files, or anything of value in mass. So how does a threat actor navigate an environment and gain administrator or root privileges to exploit them ...