Privilege escalation

2.4 Given a scenario, recommend controls to mitigate attacks and software vulnerabilities.

📘CompTIA CySA+ (CS0-003)


1. What is Privilege Escalation?

Privilege escalation is an attack in which a user or process obtains access rights (permissions) beyond those it was granted.

  • A normal user becomes an administrator/root
  • A limited application gains full system control

This allows attackers to:

  • Access sensitive data
  • Modify system settings
  • Install malware
  • Disable security controls

2. Types of Privilege Escalation

a) Vertical Privilege Escalation

Also called privilege elevation

  • Moving up in access level
  • Example:
    • Standard user → Administrator
    • Application user → Root access

Goal: Gain full control over the system


b) Horizontal Privilege Escalation

  • Moving across at the same level
  • One user accesses another user’s data

Example:

  • User A accesses User B’s files without permission

Goal: Access unauthorized data without becoming admin


3. Common Causes of Privilege Escalation

a) Misconfigured Permissions

  • Files or folders have incorrect access rights
  • Example:
    • Everyone has write access to system files
    • Sensitive files are not restricted

b) Weak Authentication Controls

  • Poor password policies
  • No multi-factor authentication (MFA)

c) Unpatched Software / Vulnerabilities

  • Outdated OS or applications contain known vulnerabilities
  • Attackers exploit these to gain higher privileges

d) Insecure Services or Applications

  • Services running with higher privileges than needed
  • Poor coding practices

e) Credential Exposure

  • Passwords stored in:
    • Plain text files
    • Scripts
    • Configuration files
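Exposed credentials are usually found by scanning the scripts and configuration files themselves. The following Python scanner is an added example, not code from these notes: it runs over constructed file contents (the file names, values and the AWS documentation sample key are all made up for illustration) and flags hard-coded passwords and secrets, AWS access key IDs and private-key blocks, while skipping values that only reference an environment variable or a placeholder. Findings are redacted so the report itself does not become another copy of the secret.

```python
import re

# Key/value style secrets: DB_PASS='x', password = x, aws_secret_access_key = x, api_token: x
KEY_VALUE_RE = re.compile(
    r"(?i)\b[a-z_]*(?:pass(?:word|wd)?|pwd|secret|token)[a-z_]*\s*[:=]\s*['\"]?(?P<value>[^'\"\s]+)"
)
# AWS access key IDs have a fixed prefix and length, so they can be matched directly.
AWS_KEY_RE = re.compile(r"\b(?P<value>AKIA[0-9A-Z]{16})\b")
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")

PLACEHOLDERS = {"changeme", "password", "xxx", "todo", "none", "null", ""}


def looks_like_placeholder(value):
    """True for values that are not real secrets: env-var references, templates, dummy words."""
    v = value.strip("'\"")
    if v.startswith(("$", "%", "{{", "<")):
        return True
    if "environ" in v or "getenv" in v:
        return True
    return v.lower() in PLACEHOLDERS


def redact(value):
    """Keep just enough of the value to locate the finding without reproducing the secret."""
    return value[:2] + "*" * max(len(value) - 2, 3)


def scan_text(filename, text):
    """Return (filename, line number, kind, redacted value) for each suspected secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if PRIVATE_KEY_RE.search(line):
            findings.append((filename, lineno, "private-key", "<PEM block>"))
            continue
        m = AWS_KEY_RE.search(line)
        if m:
            findings.append((filename, lineno, "aws-access-key-id", redact(m.group("value"))))
            continue
        m = KEY_VALUE_RE.search(line)
        if m and not looks_like_placeholder(m.group("value")):
            findings.append((filename, lineno, "hardcoded-secret", redact(m.group("value"))))
    return findings


def scan_files(files):
    """files: {name: contents}. Returns all findings in file order."""
    out = []
    for name, text in files.items():
        out.extend(scan_text(name, text))
    return out


# Constructed sample files for the example (not taken from any real system).
SAMPLE_FILES = {
    "deploy.sh": "#!/bin/sh\nDB_PASS='Sup3rSecret!'\nmysql -u app -p\"$DB_PASS\" -e 'select 1'\n",
    "app.ini": "[database]\nuser = app\npassword = hunter2\n[aws]\n"
               "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
               "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
    "settings.py": "SECRET_KEY = os.environ['SECRET_KEY']\nDB_PASSWORD = '${DB_PASSWORD}'\n",
    "backup/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAA\n"
                     "-----END OPENSSH PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    for finding in scan_files(SAMPLE_FILES):
        print("%s:%d %s %s" % finding)
```

Run as-is it reports the shell script's password, the INI password and AWS keys, and the private key in the backup directory, and reports nothing for settings.py, which only reads its secrets from the environment. A scanner like this belongs in the pre-commit hook or CI pipeline, where a hit blocks the change rather than arriving in a monthly audit.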

f) Improper User Role Assignment

  • Users given more access than necessary

g) Lack of Access Control Enforcement

  • No proper checking of user permissions

4. Common Techniques Used in Privilege Escalation

a) Exploiting Software Vulnerabilities

  • Using bugs in OS or applications to gain admin/root access

b) Credential Dumping

  • Extracting passwords or hashes from memory or storage

c) Token Impersonation (Windows)

  • Stealing or duplicating the access token of a privileged process or logged-on user, so the attacker's code runs in that user's security context

d) DLL Injection / Code Injection

  • Injecting malicious code into trusted processes

e) Scheduled Task / Cron Job Abuse

  • Modifying tasks that run with higher privileges, or the scripts and binaries they execute, so the attacker's code runs at the task's privilege level

f) SUID/SGID Exploits (Linux)

  • Binaries with the SUID/SGID bit set run with the file owner's (or group's) privileges, often root; a vulnerable, misconfigured or unnecessary SUID binary lets a normal user run commands as that owner

g) Registry Exploits (Windows)

  • Modifying writable registry keys that control what a privileged service or autostart entry executes, so that it runs attacker-controlled code with admin or SYSTEM rights
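The misconfigured-permission causes in section 3 and the SUID/SGID and scheduled-task techniques above are found with the same check: walk the filesystem and flag what is world-writable or carries a SUID/SGID bit. The Python audit below is an added example, not code from these notes; it builds a constructed temporary directory with one file per misconfiguration (the file names are made up) and reports findings per path. It deliberately does not flag world-writable directories that have the sticky bit, since /tmp-style 1777 directories are normal, and it ignores symlinks so that a link to a SUID binary is not double-counted.

```python
import os
import stat
import tempfile


def classify_mode(mode):
    """Return finding tags for a raw st_mode value.

    World-writable directories are only flagged when the sticky bit is absent
    (a 1777 directory like /tmp is expected). Setgid on a directory only
    controls group inheritance of new files, so it is not flagged either."""
    findings = []
    if mode & stat.S_IWOTH and not (stat.S_ISDIR(mode) and mode & stat.S_ISVTX):
        findings.append("world-writable")
    if mode & stat.S_ISUID:
        findings.append("suid")
    if mode & stat.S_ISGID and not stat.S_ISDIR(mode):
        findings.append("sgid")
    return findings


def audit_tree(root):
    """Walk root without following symlinks; return {relative path: [tags]}
    for every entry with at least one finding."""
    results = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the link itself, not its target
            except OSError:
                continue
            if stat.S_ISLNK(st.st_mode):
                continue
            tags = classify_mode(st.st_mode)
            if tags:
                results[os.path.relpath(path, root)] = tags
    return results


def build_sample_tree():
    """Constructed example tree (not a real system) with one entry per case."""
    root = tempfile.mkdtemp(prefix="privesc-audit-")

    def script(name, mode):
        path = os.path.join(root, name)
        with open(path, "w") as f:
            f.write("#!/bin/sh\necho hello\n")
        os.chmod(path, mode)

    script("normal.sh", 0o755)           # correctly restricted
    script("nightly_backup.sh", 0o777)   # world-writable: anyone can edit what a root cron job runs
    script("suid_helper", 0o4755)        # runs as its owner, so any bug in it is a privesc path
    script("sgid_helper", 0o2755)        # same idea for the group
    os.mkdir(os.path.join(root, "scratch"))
    os.chmod(os.path.join(root, "scratch"), 0o1777)  # sticky world-writable dir, like /tmp
    return root


if __name__ == "__main__":
    for path, tags in sorted(audit_tree(build_sample_tree()).items()):
        print(path, ", ".join(tags))
```

On a real host you would point audit_tree at "/" (or at the directories referenced by cron entries and systemd units) and compare the SUID list against a known-good baseline; the interesting SUID findings are the ones that were not there last week.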

5. Signs of Privilege Escalation

  • Users performing actions beyond their role
  • Unexpected administrator account usage
  • Changes to system files or configurations
  • Unauthorized access to restricted data
  • Suspicious processes running with high privileges
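The signs listed above only help if something is actually watching the logs for them, which is what the logging and monitoring control in the next section asks for. The following detection logic is an added example, not code from these notes: it runs over a constructed syslog-style auth log (host name, users and timestamps are made up) and fires on the events that map to the signs above: sudo denials (probing for privilege), sudo or su to root by an account outside an assumed approved-admin list (actions beyond the role), and a user being added to a privileged group (persistence of the escalation).

```python
import re
from collections import Counter

# Assumed for this example: the accounts approved to become root on this host.
APPROVED_ADMINS = {"alice"}
# Groups whose membership grants administrative rights on typical Linux hosts.
PRIVILEGED_GROUPS = {"sudo", "wheel", "admin", "root"}

SUDO_RE = re.compile(r"sudo:\s+(?P<user>\S+) : (?P<body>.*)$")
SU_RE = re.compile(r"\bsu(?:\[\d+\])?: \(to (?P<target>\S+)\) (?P<user>\S+) on ")
GROUP_ADD_RE = re.compile(
    r"usermod\[\d+\]: add '(?P<user>[^']+)' to (?:shadow )?group '(?P<group>[^']+)'"
)


def analyze_line(line, admins=APPROVED_ADMINS):
    """Return (rule, user) when a line matches a privilege-escalation indicator, else None."""
    m = SUDO_RE.search(line)
    if m:
        user, body = m.group("user"), m.group("body")
        if "NOT in sudoers" in body or "incorrect password attempt" in body:
            return ("sudo-denied", user)             # user probing for privilege it lacks
        target = re.search(r"USER=(\S+)", body)
        if target and target.group(1) == "root" and user not in admins:
            return ("unexpected-root-sudo", user)   # action beyond the account's role
        return None
    m = SU_RE.search(line)
    if m:
        if m.group("target") == "root" and m.group("user") not in admins:
            return ("unexpected-su-root", m.group("user"))
        return None
    m = GROUP_ADD_RE.search(line)
    if m and m.group("group") in PRIVILEGED_GROUPS:
        return ("privileged-group-change", m.group("user"))  # escalation made persistent
    return None


def analyze_log(lines, admins=APPROVED_ADMINS):
    """Return [(rule, user, line)] for every line that fires a rule."""
    alerts = []
    for line in lines:
        hit = analyze_line(line, admins)
        if hit:
            alerts.append((hit[0], hit[1], line))
    return alerts


def users_by_alert_count(alerts):
    """Accounts ranked by number of alerts: a quick triage view for the SIEM."""
    return Counter(user for _, user, _ in alerts).most_common()


# Constructed auth log excerpt for the example (not from a real system).
SAMPLE_LOG = """\
Mar 10 09:14:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar 10 09:15:44 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar 10 09:16:10 web01 usermod[2211]: add 'bob' to group 'sudo'
Mar 10 09:17:30 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar 10 09:18:05 web01 su[2290]: (to root) bob on pts/1
Mar 10 09:20:00 web01 sshd[2301]: Accepted publickey for carol from 10.0.0.5 port 51022 ssh2
""".splitlines()

if __name__ == "__main__":
    alerts = analyze_log(SAMPLE_LOG)
    for rule, user, line in alerts:
        print(rule, user, "|", line)
    print(users_by_alert_count(alerts))
```

The sequence in the sample is the one to recognise: a denied sudo, then the account appears in the sudo group, then it runs a root shell. Each line alone is a low-severity event; correlating them on the same user within minutes is what turns them into a privilege-escalation alert, and that correlation is the job of the SIEM rule rather than of any single log source.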

6. Controls to Mitigate Privilege Escalation

This is very important for the exam

a) Principle of Least Privilege (PoLP)

  • Users and processes get only the minimum access required

b) Role-Based Access Control (RBAC)

  • Assign permissions based on job roles

c) Strong Authentication

  • Use:
    • Strong passwords
    • Multi-factor authentication (MFA)

d) Patch Management

  • Regularly update:
    • Operating systems
    • Applications
  • Fix known vulnerabilities

e) Proper File and Permission Management

  • Restrict access to:
    • System files
    • Sensitive data
  • Regularly audit permissions

f) Use Privileged Access Management (PAM)

  • Control and monitor admin accounts
  • Limit and track privileged sessions

g) Disable Unnecessary Services

  • Reduce attack surface

h) Input Validation and Secure Coding

  • Prevent code injection attacks

i) Logging and Monitoring

  • Track:
    • Login attempts
    • Privileged actions
  • Use SIEM tools for alerting

j) Account Management

  • Remove unused accounts
  • Disable default accounts
  • Enforce account lockout policies

k) Separation of Duties

  • Divide responsibilities among different users
  • Prevent one user from having full control

7. Best Practices for Servers (Exam-Focused)

  • Avoid using administrator/root accounts for daily tasks
  • Use separate admin accounts for privileged operations
  • Regularly review user roles and permissions
  • Implement just-in-time (JIT) access (temporary privileges)
  • Monitor for unusual privilege changes
  • Secure service accounts and avoid hardcoded credentials

8. Summary (Quick Revision)

  • Privilege escalation = gaining higher or unauthorized access
  • Two types:
    • Vertical (become admin)
    • Horizontal (access another user’s data)
  • Caused by:
    • Misconfigurations
    • Weak security controls
    • Unpatched systems
  • Prevent using:
    • Least privilege
    • Strong authentication
    • Patch management
    • Monitoring and access control