Author: Carol Caley, PMM, Xage Security
Unfortunately, privilege escalation has been big in the news lately, from newly disclosed vulnerabilities to their active exploitation. The concept seems simple on its face: any technique that lets someone obtain more privilege than they were granted. It gets complicated quickly once you dig into what privileged access actually means.
Privilege exists in countless systems and can mean anything from admin control over your laptop to system-level rights on the database that stores sensitive customer data. There is a lot to dig into, and the nuances depend on the context of the system or environment in play. In light of that, we have collected intriguing analyses and in-depth longreads about privilege across various environments and operating systems. Learn how they get hacked so you can secure them better.
Insecure Windows Service Permissions and Privilege Escalation Risks
Windows services run in the background, often as LocalSystem, which makes them an attractive target for escalating privileges within a Windows environment. If a low-privileged user can change a service's configuration (for example, the path of the binary it launches) or overwrite that binary, they can run their own code with the service's privileges, so services with SYSTEM-level access are particularly risky when misconfigured or otherwise vulnerable. Get a detailed walkthrough of how this type of privilege escalation works and a link to the TryHackMe walkthrough.
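One check a practitioner would want for the misconfiguration described above is an audit of each service's security descriptor, as printed by `sc sdshow <service>`. The script below is an added example written for this roundup, not code from the linked walkthrough or from TryHackMe. It parses the DACL portion of an SDDL string and flags allow ACEs that give a low-privileged trustee a right that converts directly into code execution as the service account: SERVICE_CHANGE_CONFIG (rewrite the binary path), WRITE_DAC or WRITE_OWNER (rewrite the ACL itself), or the generic-write and generic-all rights that imply them. The two sample descriptors, the service names, and the right-code mapping are constructed for the example; the mapping follows the codes `sc sdshow` uses for service objects.

```python
import re

# Two-letter SDDL right codes as `sc sdshow` prints them for a service object.
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP", "DT": "SERVICE_PAUSE_CONTINUE",
    "LO": "SERVICE_INTERROGATE", "CR": "SERVICE_USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
    "GA": "GENERIC_ALL", "GW": "GENERIC_WRITE", "GR": "GENERIC_READ", "GX": "GENERIC_EXECUTE",
}
# The same rights as access-mask bits, for SDDL that encodes the mask numerically.
SERVICE_RIGHT_BITS = {
    0x0001: "SERVICE_QUERY_CONFIG", 0x0002: "SERVICE_CHANGE_CONFIG",
    0x0010: "SERVICE_START", 0x0020: "SERVICE_STOP",
    0x00010000: "DELETE", 0x00040000: "WRITE_DAC", 0x00080000: "WRITE_OWNER",
    0x40000000: "GENERIC_WRITE", 0x10000000: "GENERIC_ALL",
}
# Rights that let the holder run code as the service account.
DANGEROUS = {"SERVICE_CHANGE_CONFIG", "WRITE_DAC", "WRITE_OWNER", "GENERIC_WRITE", "GENERIC_ALL"}
# Trustees that any ordinary user can act as (SDDL aliases and well-known SIDs).
LOW_PRIV = {
    "AU": "Authenticated Users", "BU": "Builtin Users", "WD": "Everyone",
    "IU": "Interactive Users", "AN": "Anonymous", "BG": "Builtin Guests",
    "S-1-5-11": "Authenticated Users", "S-1-1-0": "Everyone", "S-1-5-32-545": "Builtin Users",
}

ACE_RE = re.compile(r"\(([^)]*)\)")
# "D:" plus optional DACL flags (P, AI, AR) followed by a run of ACEs; stops at "S:" (the SACL).
DACL_RE = re.compile(r"D:[A-Z]*((?:\([^)]*\))+)")


def parse_rights(rights):
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return {name for bit, name in SERVICE_RIGHT_BITS.items() if mask & bit}
    # Otherwise a run of two-letter codes such as "CCLCSWRPWPDTLOCRRC".
    return {SERVICE_RIGHTS.get(rights[i:i + 2], rights[i:i + 2]) for i in range(0, len(rights), 2)}


def trustee_label(sid):
    if sid in LOW_PRIV:
        return LOW_PRIV[sid]
    if sid.startswith("S-1-5-21-") and sid.endswith("-513"):
        return "Domain Users"  # RID 513 is Domain Users in every domain
    return None


def parse_dacl(sddl):
    m = DACL_RE.search(sddl)
    if not m:
        return []
    aces = []
    for ace in ACE_RE.findall(m.group(1)):
        fields = ace.split(";")  # type;flags;rights;object_guid;inherit_guid;trustee
        if len(fields) < 6:
            continue
        aces.append({"type": fields[0], "rights": parse_rights(fields[2]), "trustee": fields[5]})
    return aces


def audit_service_sddl(service, sddl):
    """Return (service, trustee, sorted dangerous rights) for every allow ACE that
    hands a low-privileged trustee a right an attacker can turn into code execution."""
    findings = []
    for ace in parse_dacl(sddl):
        if ace["type"] != "A":  # only access-allowed ACEs grant anything
            continue
        who = trustee_label(ace["trustee"])
        risky = ace["rights"] & DANGEROUS
        if who and risky:
            findings.append((service, who, sorted(risky)))
    return findings


# Constructed sample `sc sdshow` output. The first is the stock DACL Windows puts on a
# new service; the second additionally grants Authenticated Users change-config and
# write-DAC rights, the misconfiguration the roundup entry above describes.
DEFAULT_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
                "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
WEAK_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
             "(A;;CCDCLCSWRPWPDTLOCRRCWD;;;AU)")

if __name__ == "__main__":
    for name, sddl in (("Spooler", DEFAULT_SDDL), ("vulnsvc", WEAK_SDDL)):
        print(name, audit_service_sddl(name, sddl) or "ok")
```

Feed it the output of `sc sdshow` for every service from `sc query type= service state= all`. Two caveats: the script ignores deny ACEs, which on a real system can override a matching allow, and the DACL is only half the picture. A binary path that sits in a directory writable by ordinary users, or an unquoted path with spaces in it, gives the same result without any ACL weakness, so check the filesystem permissions on each `BINARY_PATH_NAME` as well.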
Kerberoasting: An Oldie but a Baddie
Because Kerberos is the default authentication protocol in Active Directory, it shows up frequently as an attack vector. In Kerberoasting, any authenticated domain user can request a service ticket for an account that has a Service Principal Name; because that ticket is encrypted with the service account's password hash, it can be cracked offline without ever touching the target service. This article covers both gaining credentials this way and using them to elevate privilege in environments that authenticate with Kerberos.
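From the defender's side, the classic detection for the technique above is to watch for one principal requesting RC4-encrypted service tickets (Windows event 4769 with TicketEncryptionType 0x17) for many distinct user-account SPNs in a short window. The script below is an added example written for this roundup, not code from the linked article. It runs that logic over a constructed set of 4769 events; the account names, SPNs, IP addresses, timestamps and thresholds are all made up for the example, and the event field names follow the 4769 event's own XML fields.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"  # TicketEncryptionType value for RC4, the cipher roasting tools ask for


def is_roastable_request(ev):
    """True for a successful 4769 that a Kerberoasting tool would generate:
    an RC4 service ticket for a user (not machine) account."""
    svc = ev["ServiceName"]
    return (
        ev["EventID"] == 4769
        and ev["Status"] == "0x0"
        and ev["TicketEncryptionType"].lower() == RC4_HMAC
        and not svc.endswith("$")      # machine accounts have random 120-char passwords
        and svc.lower() != "krbtgt"    # ticket-granting service, requested constantly
    )


def detect_kerberoast(events, window=timedelta(minutes=5), min_services=5):
    """Return {(requesting user, ip): sorted SPNs} for requesters that pulled RC4
    service tickets for at least `min_services` distinct accounts within `window`."""
    by_requester = defaultdict(list)
    for ev in events:
        if is_roastable_request(ev):
            by_requester[(ev["TargetUserName"], ev["IpAddress"])].append(
                (datetime.fromisoformat(ev["TimeCreated"]), ev["ServiceName"]))
    hits = {}
    for key, reqs in by_requester.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            # Slide the window start forward until it spans at most `window`.
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            distinct = {svc for _, svc in reqs[start:end + 1]}
            if len(distinct) >= min_services:
                hits[key] = sorted(distinct)
                break
    return hits


def _ev(time, user, svc, etype, ip="10.0.0.25"):
    return {"EventID": 4769, "TimeCreated": time, "TargetUserName": user, "ServiceName": svc,
            "TicketEncryptionType": etype, "IpAddress": ip, "Status": "0x0"}


# Constructed sample events: jdoe bulk-requests RC4 tickets for five service accounts
# in three seconds (plus two requests the filter should drop), while asmith makes
# normal AES requests and a single RC4 request for a legacy service.
SAMPLE_4769_EVENTS = [
    _ev("2024-03-01T09:00:01", "jdoe@CORP.LOCAL", "svc_sql", "0x17"),
    _ev("2024-03-01T09:00:02", "jdoe@CORP.LOCAL", "svc_http", "0x17"),
    _ev("2024-03-01T09:00:02", "jdoe@CORP.LOCAL", "svc_backup", "0x17"),
    _ev("2024-03-01T09:00:03", "jdoe@CORP.LOCAL", "svc_sccm", "0x17"),
    _ev("2024-03-01T09:00:03", "jdoe@CORP.LOCAL", "svc_web", "0x17"),
    _ev("2024-03-01T09:00:04", "jdoe@CORP.LOCAL", "FILESRV01$", "0x17"),   # machine account
    _ev("2024-03-01T09:00:04", "jdoe@CORP.LOCAL", "krbtgt", "0x17"),       # TGS itself
    _ev("2024-03-01T09:10:00", "asmith@CORP.LOCAL", "svc_sql", "0x12", ip="10.0.0.77"),
    _ev("2024-03-01T09:11:00", "asmith@CORP.LOCAL", "svc_http", "0x12", ip="10.0.0.77"),
    _ev("2024-03-01T09:12:00", "asmith@CORP.LOCAL", "svc_print", "0x17", ip="10.0.0.77"),
]

if __name__ == "__main__":
    for (user, ip), spns in detect_kerberoast(SAMPLE_4769_EVENTS).items():
        print(f"possible Kerberoasting by {user} from {ip}: {', '.join(spns)}")
```

Two caveats when you take this to production. Current tooling can request AES tickets, so the RC4 filter catches the lazy case, not every case; keep a second rule on the raw count of distinct SPNs per requester regardless of encryption type. And the RC4 filter will fire on legitimate clients of service accounts that are still RC4-only, so baseline those before alerting. The technique is MITRE ATT&CK T1558.003; the durable fix is long random passwords for service accounts, or Group Managed Service Accounts so there is nothing worth cracking.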
CherryLoader Privilege Escalation Downloader Malware
How did the attackers behind CherryLoader gain admin-level privileges and disable security tools, and what is the "potato family" of hacker tools (the line of Windows privilege escalation tools that abuse impersonation privileges to go from a service account to SYSTEM)? Read the article to learn these intriguing facts and more.
Read the article on Dark Reading.
Guide to Linux Privilege Escalation: SUID and SGID binaries
If you want to get into the nitty-gritty of permissions and groups in Linux, this Juggernaut Pentesting Academy guide goes deep on abusing binaries with the SUID or SGID bit set. A SUID binary runs with the file owner's effective user ID rather than the caller's, so a root-owned SUID program that can be coaxed into spawning a shell, reading or writing arbitrary files, or loading an attacker-controlled library hands over root. It is a fascinating read whether you are red team or blue team.
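The first thing both teams do on a Linux host is enumerate the setuid and setgid binaries and decide which ones deserve attention. The script below is an added example written for this roundup, not code from the Juggernaut guide. It decodes the special mode bits, walks a directory tree without following symlinks, and triages the hits: root-owned setuid binaries outside a baseline, setuid binaries owned by a non-root user, and any setuid binary writable by others. The `KNOWN_GOOD` baseline and the `demo()` tree it builds in a temporary directory are constructed for the example.

```python
import os
import stat
import tempfile

# Setuid binaries a stock distro ships. Constructed for the example and deliberately
# short; on a real host, derive the baseline from the package manager instead.
KNOWN_GOOD = frozenset({"sudo", "su", "passwd", "mount", "umount", "chsh", "chfn", "newgrp", "gpasswd"})


def describe_mode(mode):
    """Decode the bits that matter for escalation from a st_mode value."""
    return {
        "setuid": bool(mode & stat.S_ISUID),
        "setgid": bool(mode & stat.S_ISGID),
        "group_writable": bool(mode & stat.S_IWGRP),
        "world_writable": bool(mode & stat.S_IWOTH),
        "perms": stat.filemode(mode),  # e.g. '-rwsr-xr-x', the 's' is the setuid bit
    }


def find_special_binaries(root):
    """Regular files under `root` with the setuid or setgid bit set (like `find -perm -4000`)."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: a symlink's own mode, never its target's
            except OSError:
                continue  # vanished or unreadable; keep walking
            if not stat.S_ISREG(st.st_mode):
                continue
            info = describe_mode(st.st_mode)
            if info["setuid"] or info["setgid"]:
                hits.append({"path": path, "uid": st.st_uid, "gid": st.st_gid, **info})
    return sorted(hits, key=lambda h: h["path"])


def triage(hits, known_good=KNOWN_GOOD):
    """Attach the reasons a reviewer should look at a hit first; drop hits with none."""
    flagged = []
    for h in hits:
        reasons = []
        name = os.path.basename(h["path"])
        if h["setuid"] and h["uid"] == 0 and name not in known_good:
            reasons.append("root-owned setuid binary outside the baseline")
        if h["setuid"] and h["uid"] != 0:
            reasons.append("setuid to a non-root user: a path into that account")
        if h["group_writable"] or h["world_writable"]:
            reasons.append("writable by others: anyone can swap in code that runs as the owner")
        if reasons:
            flagged.append((h["path"], h["perms"], reasons))
    return flagged


def demo():
    """Build a throwaway tree (constructed data), scan it, return {name: reasons}."""
    root = tempfile.mkdtemp(prefix="suid-demo-")
    for name, mode in (("backup-helper", 0o4755), ("ordinary-tool", 0o755), ("shared-tool", 0o4777)):
        path = os.path.join(root, name)
        with open(path, "wb") as f:
            f.write(b"#!/bin/sh\necho hi\n")
        os.chmod(path, mode)
    return {os.path.basename(p): reasons for p, _perms, reasons in triage(find_special_binaries(root))}


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", "; ".join(reasons))
```

Run `find_special_binaries("/")` as root so every directory is readable, and feed the baseline from `dpkg --verify` or `rpm -V` output rather than a hand-written list. A hit is only the starting point: the Juggernaut guide is about what each flagged binary actually lets you do, which is where GTFOBins-style research on the specific program comes in.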
ESXi Authentication Bypass Vulnerability
Learn about the authentication bypass vulnerability in the ESXi hypervisor that allows a malicious user with sufficient permissions to gain full administrative access to a domain-joined ESXi host. A hypervisor sits beneath every virtual machine it runs, so its management plane deserves the same scrutiny as your domain controllers.
Even More on Privilege Escalation
These are just a handful of the mechanisms for privilege escalation across different environments. If you want to learn more about specific techniques and where they apply, the Privilege Escalation tactic in MITRE ATT&CK lists dozens of techniques and sub-techniques, each with real-world procedure examples and detection guidance.
Keep an eye on the Xage blog and our LinkedIn for more deep dives and roundups!