The Information System Security Assessment Framework (ISSAF) dedicates only one and a half pages to compromising a system and elevating privileges during a penetration test. It would be natural to assume because so little page space is dedicated to this phase of a PenTest, it might be unimportant or simple to perform – this could not be further from the truth. Once system vulnerability has been identified and exploited, the penetration tester typically has a small foothold into the system and only with minimal privileges. Although limited access may be enough to justify ...