Windows Privilege Escalation
Topics
Introduction to the Windows Shells
Windows Permissions
Reverse Shells in Windows
SeImpersonatePrivilege Exploitation
On Cross Compilation
Windows Services
Weak Service Permissions
Unquoted Service Path
DLL Hijacking
Always Install Elevated
Files with Sensitive Data
Windows Hashes
Stored Credentials and the Windows Vault
Scheduled Task
Critical Registry Paths
Useful Tools
AMSI Bypass
MS Windows and Privilege Escalation
Privilege Escalation
Privilege escalation is a critical concept in cybersecurity that involves obtaining higher levels of access or privileges than those initially granted. It is often exploited by attackers to gain unauthorized control over a system, allowing them to perform actions that are typically restricted, such as accessing sensitive data, modifying system configurations, or executing arbitrary code.
Privilege escalation can be categorized into two main types:
Vertical Privilege Escalation In vertical privilege escalation (or privilege elevation), an attacker gains access to higher-level permissions, such as escalating from a standard user account to an administrator or root account. This often provides the attacker full control over the system. Techniques to achieve this include exploiting unpatched vulnerabilities, abusing misconfigurations, or leveraging credential theft.
Horizontal Privilege Escalation Horizontal privilege escalation involves gaining access to another user's account with similar privilege levels. For instance, an attacker might use stolen credentials or session hijacking techniques to impersonate another user, potentially accessing sensitive information or functions tied to that account.
Hardening OS
It is essential to harden systems by conducting regular audits using market-recognized checklists and frameworks, such as CIS, STIG Benchmarks, to ensure compliance with security best practices. This process should include the validation of system configurations, the implementation of least privilege access controls, continuous vulnerability assessments, and the application of security patches. Additionally, organizations should adopt automated tools to streamline compliance checks and integrate threat detection mechanisms to identify and respond to potential risks proactively.
Hardening Security Frameworks:
Lab Environment
Steps
Windows Setup
Using Quickemu
Labs and Practices
Background Information
Concepts and Pratice
Resources
Cheatsheet
Last updated