What is Privilege Escalation? | Defend Against Privilege Escalation

Types of Privilege Escalation

  • Horizontal Privilege Escalation: In a horizontal privilege escalation, the unauthorized user tries to access the resources, functions, and other privileges that belong to an authorized user with similar access permissions. For instance, an online banking user (user A) can easily access user B's bank account.
  • Vertical Privilege Escalation: In a vertical privilege escalation, the unauthorized user tries to gain access to the resources and functions of a user with higher privileges, such as application or site administrators. For example, someone performing online banking can access administrative functions of the site.

Privilege Escalation Using DLL Hijacking

Privilege Escalation By Exploiting Vulnerability

Privilege Escalation Using Dylib Hijacking

Privilege Escalation Using Spectre and Meltdown Vulnerabilities

Spectre Vulnerability

Meltdown Vulnerability

Other Privilege Escalation Techniques

  • Access Token Manipulation
  • Application Shimming
  • File System Permission Weakness
  • Path Interception
  • Scheduled Task
  • Launch Daemon
  • Plist Modification
  • Setuid and Setgid
  • Web Shell

How to Defend Against Privilege Escalation

  • Restrict the interactive logon privileges.
  • Use encryption techniques to protect sensitive data.
  • Run users and applications on the least privileges.
  • Reduce the amount of code that runs with particular privileges.
  • Implement multi-factor authentication and authorization.
  • Perform debugging using bounds checkers and stress tests.
  • Run services as unprivileged accounts.
  • Thoroughly test operating system and application code for errors and bugs.
  • Implement a privilege separation methodology to limit the scope of programming errors and bugs.
  • Patch and update the kernel regularly.
  • Change UAC settings to “Always Notify”, so that the user is made aware every time UAC elevation is requested.
  • Restrict users from writing files to the search paths of applications.
  • Continuously monitor file system permissions using auditing tools.
  • Use fully qualified paths in all the Windows applications.
  • Ensure that all executables are placed in write-protected directories.
  • On macOS, prevent plist files from being altered by users by making them read-only.
  • Block unwanted system utilities or software that may be used to schedule tasks.
  • Patch and update the web servers regularly.
  • Disable the default local administrator account.
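The search-path items in the list above (fully qualified paths, write-protected executable directories, no user-writable search-path entries) can be checked with a small audit like the following; it is an added example, not code from the original article. It walks the current PATH and flags entries that a low-privilege user could abuse for DLL or binary planting; the `is_writable` and `exists` parameters are hypothetical hooks added only so the logic can be tested offline.

```python
import os
import ntpath
import posixpath


def _is_absolute(entry):
    # Accept either platform's notion of an absolute path so the audit runs anywhere.
    return posixpath.isabs(entry) or ntpath.isabs(entry)


def audit_search_path(dirs, is_writable=None, exists=None):
    """Flag search-path entries that weaken the defenses listed above.

    dirs:        list of directory entries, e.g. os.environ["PATH"].split(os.pathsep)
    is_writable: hook returning True if the *current* user can write to a directory
                 (defaults to os.access; run the audit as an ordinary, non-admin user)
    exists:      hook returning True if the directory exists (defaults to os.path.isdir)
    Returns a list of (entry, reason) findings; an empty list means nothing was flagged.
    """
    if is_writable is None:
        is_writable = lambda d: os.access(d, os.W_OK)
    if exists is None:
        exists = os.path.isdir
    findings = []
    for entry in dirs:
        if not entry or not _is_absolute(entry):
            # Empty or relative entries resolve against the current working
            # directory, so a planted file in any working directory gets picked up.
            findings.append((entry, "relative or empty search-path entry"))
        elif not exists(entry):
            # A dangling entry can later be created by whoever can write to its parent.
            findings.append((entry, "directory does not exist"))
        elif is_writable(entry):
            # Violates "executables are placed in write-protected directories".
            findings.append((entry, "writable by the current (unprivileged) user"))
    return findings


if __name__ == "__main__":
    path_entries = os.environ.get("PATH", "").split(os.pathsep)
    for entry, reason in audit_search_path(path_entries):
        print(f"{entry!r}: {reason}")
```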
