Exploitation for Privilege Escalation (T1068)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Exploitation for Privilege Escalation

Associated Tactics

  • Privilege Escalation

Privilege Escalation (TA0004)

The adversary is trying to gain higher-level permissions. Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Examples of elevated access include: * SYSTEM/root level * local administrator * user account with admin-like access * user accounts with access to specific system or perform specific function These techniques often overlap with Persistence techniques, as OS features that let an adversary persist can execute in an elevated context.

View on ATT&CK

Procedure Examples

Description Source(s)
Hromcova, Z. and Cherpanov, A. (2020, June). INVISIMOLE: THE HIDDEN PART OF THE STORY. Retrieved July 16, 2020. ESET InvisiMole June 2020
Microsoft. (2020, October 15). Microsoft recommended driver block rules. Retrieved March 16, 2021. Microsoft Driver Block Rules
Reichel, D. and Idrizovic, E. (2020, June 17). AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations. Retrieved March 16, 2021. Unit42 AcidBox June 2020