Privilege Escalation
Gaining higher levels of access than originally authorized within a system or network.
Full Definition
Privilege escalation is the act of exploiting a vulnerability, misconfiguration, or design flaw in an operating system or application to gain elevated access to resources that are normally protected. It follows initial access in the attack chain and is necessary for attackers to move from a limited user foothold to administrative or root-level control.
There are two primary types: vertical privilege escalation (gaining higher permissions, e.g., user to admin) and horizontal privilege escalation (accessing another user's resources at the same permission level). Techniques include exploiting unpatched local privilege escalation (LPE) vulnerabilities, abusing misconfigured sudo rules, token impersonation, and credential theft from memory.
Privilege escalation is a pivotal step enabling further lateral movement, persistence, and data exfiltration. Monitoring for unusual privilege usage and enforcing the principle of least privilege are key defensive controls.
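Two of the controls mentioned above, checking sudo rules for misconfigurations and monitoring privilege usage, can be scripted. The following is an added example, not code from the page or from any vendor: it parses a constructed sudoers excerpt, flags grants that are commonly considered risky (passwordless unrestricted rules, unrestricted rules on individual accounts, wildcard command paths), and then checks constructed sudo syslog lines against those grants. Sudoers aliases and group membership are not resolved; those are assumptions stated in the code.

```python
"""Audit sudoers grants and check sudo log lines against them.
Added example; the sudoers text and log lines below are constructed, not real data."""
import re
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import List

# Constructed sudoers excerpt (not a real host's policy).
SAMPLE_SUDOERS = """\
Defaults env_reset
root     ALL=(ALL:ALL) ALL
%admin   ALL=(ALL) ALL
deploy   ALL=(ALL) NOPASSWD: ALL            # passwordless, unrestricted
backup   ALL=(root) NOPASSWD: /usr/bin/rsync
www-data ALL=(root) /usr/bin/*              # wildcard command path
"""

# Constructed syslog lines in the layout sudo uses when logging via syslog.
SAMPLE_LOG = [
    "Jan 10 09:12:01 web1 sudo:   backup : TTY=pts/0 ; PWD=/home/backup ; USER=root ; COMMAND=/usr/bin/rsync -a /srv /mnt/bk",
    "Jan 10 09:13:44 web1 sudo:   backup : command not allowed ; TTY=pts/0 ; PWD=/home/backup ; USER=root ; COMMAND=/bin/bash",
    "Jan 10 09:15:02 web1 sudo:   deploy : TTY=pts/1 ; PWD=/opt/app ; USER=root ; COMMAND=/bin/bash",
    "Jan 10 09:16:30 web1 sudo:   alice : TTY=pts/2 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update",
]

# user/group  host=(runas)  [TAG: ...]  command list
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+)=(?:\((?P<runas>[^)]*)\))?\s*"
    r"(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmds>.+)$"
)
LOG_RE = re.compile(r"sudo:\s+(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$")


@dataclass
class Rule:
    who: str          # account name, or %group
    runas: str
    nopasswd: bool
    cmds: List[str]


def parse_sudoers(text: str) -> List[Rule]:
    """Parse plain user/group specifications. Assumption: alias lines are skipped, not expanded."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith(("Defaults", "User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        cmds = [c.strip() for c in m.group("cmds").split(",")]
        rules.append(Rule(m.group("who"), m.group("runas") or "root",
                          "NOPASSWD:" in (m.group("tags") or ""), cmds))
    return rules


def assess(rule: Rule) -> List[str]:
    """Return a list of findings for one rule (empty list means nothing flagged)."""
    findings: List[str] = []
    if "ALL" in rule.cmds:
        if rule.nopasswd:
            findings.append("NOPASSWD with unrestricted commands")
        elif rule.who != "root" and not rule.who.startswith("%"):
            findings.append("unrestricted commands granted to an individual account")
    for c in rule.cmds:
        if "*" in c:
            findings.append(f"wildcard in command path: {c}")
    return findings


def audit_log(lines: List[str], rules: List[Rule]) -> List[str]:
    """Flag denied attempts, sudo use by accounts without an individual rule, and commands outside a grant.
    Assumption: group rules (%group) are not matched against members, so those hits need manual review."""
    flagged: List[str] = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        user, target, cmd = m.group("user"), m.group("target"), m.group("cmd")
        if "command not allowed" in line:
            flagged.append(f"{user}: denied attempt to run {cmd} as {target}")
            continue
        own = [r for r in rules if r.who == user]
        if not own:
            flagged.append(f"{user}: sudo use by an account with no individual rule (verify group membership)")
            continue
        prog = cmd.split()[0]                          # compare the program path only
        if not any("ALL" in r.cmds or any(fnmatch(prog, pat) for pat in r.cmds) for r in own):
            flagged.append(f"{user}: ran {cmd} as {target} outside its sudoers grant (policy drift?)")
    return flagged


if __name__ == "__main__":
    parsed = parse_sudoers(SAMPLE_SUDOERS)
    for r in parsed:
        for f in assess(r):
            print(f"[sudoers] {r.who}: {f}")
    for f in audit_log(SAMPLE_LOG, parsed):
        print(f"[log] {f}")
```

On the constructed input the sudoers pass flags the deploy and www-data rules, and the log pass flags backup's denied shell attempt and alice's use of sudo without an individual rule; the backup rsync run and deploy's command are within their grants and produce no output. In practice the log side feeds a SIEM rule rather than a print loop, and the sudoers side should be run against `sudo -l` output or `/etc/sudoers.d/*` as well as the main file.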
Related Terms
Lateral Movement
Techniques used by attackers to progressively move through a network after initial compromise.
Category: Attack Types
Persistence
Techniques attackers use to maintain access to a compromised system across reboots and credential changes.
Category: Attack Types
Exploit
Code or a technique that takes advantage of a software vulnerability to cause unintended behavior.
Category: Vulnerabilities
Advanced Persistent Threat (APT)
A prolonged, targeted cyberattack by a sophisticated, often state-sponsored threat actor.
Category: Threat Actors