Privilege Escalation

Once access to a targeted system has been gained, the next phase a good pentester will focus on is privilege escalation. This is the process of elevating permissions as high as possible in order to gain maximum visibility and control in the target system.

Any good organization has clearly defined roles, with more power granted to those with higher roles in the organization. This is done to limit the harm that can be done by newcomers or outsiders.

As pentesters, our job is to find all possible vulnerabilities. If a hacker can gain access to a simple user account and then elevate their access to that of an administrator, they could do unspeakable damage, access sensitive information, and cover their tracks by deleting damning logs. With enough access, a hacker can completely own a system. They can quietly sit inside of it, monitor all information, and take and delete information at will, all the while thwarting any attempts from the inside to catch them.

So attempting to elevate privilege and power to the highest possible level is essential for a pentester to gauge how a system could fall prey to these devastating types of breaches, and thus be able to recommend proper protections.