Privilege Escalation
An attack where a user gains elevated access to resources that are normally protected, beyond what their assigned permissions allow. Vertical escalation involves gaining higher-level privileges (e.g., from user to admin), while horizontal escalation means accessing another user's resources at the same privilege level. Common techniques include exploiting misconfigurations, kernel vulnerabilities, weak file permissions, or unpatched software. Privilege escalation is a critical phase in penetration testing and is heavily tested in CEH, OSCP, and PenTest+ certifications.
Why It Matters
In practice, privilege escalation is critical because it is nearly always a required step for attackers to achieve their ultimate objectives after gaining initial access to a system. Organizations that fail to harden systems against privilege escalation face complete domain compromise from a single compromised low-privilege account. Misconfigured sudo permissions, unquoted service paths on Windows, and SUID binaries on Linux are among the most commonly exploited escalation vectors. Tools like LinPEAS and WinPEAS automate the discovery of these weaknesses. On certification exams such as OSCP, CEH, and PenTest+, expect questions about distinguishing vertical from horizontal escalation, identifying common escalation techniques on Windows and Linux, and understanding how least privilege and system hardening mitigate escalation risks.
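The two escalation vectors named above, unquoted Windows service paths and SUID binaries on Linux, are both misconfigurations that a hardening review can enumerate. The following Python audit helpers are an added example and are not code from the original page or from LinPEAS/WinPEAS; they run over constructed sample inventories (a dictionary of service ImagePath values and a list of file-mode records) rather than touching the live system, so the same logic could later be fed real data from the registry or os.lstat.

```python
"""Audit helpers for two common privilege-escalation misconfigurations.

Added example (not part of the original glossary page). The service paths
and file records below are constructed samples, not data from any real host.
"""
import re
import stat

# Constructed sample: Windows service name -> ImagePath value as stored in the
# registry. A path containing spaces must be wrapped in double quotes.
WINDOWS_SERVICE_PATHS = {
    "GoodSvc": '"C:\\Program Files\\Vendor\\svc.exe" -run',
    "NoSpaceSvc": "C:\\Windows\\System32\\svchost.exe -k netsvcs",
    "BadSvc": "C:\\Program Files\\Some Vendor\\Tool Dir\\agent.exe --service",
}


def is_unquoted_service_path(image_path: str) -> bool:
    """Return True when the executable portion contains a space and is unquoted.

    The service control manager resolves an unquoted path by trying each
    space-delimited prefix in turn, so a writable directory along the way lets
    a low-privilege user substitute a binary that runs as the service account.
    Quoting the path removes that ambiguity, which is the hardening fix.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return False
    # The executable portion ends at the first ".exe"; anything after is arguments.
    match = re.match(r"(.*?\.exe)", path, re.IGNORECASE)
    exe = match.group(1) if match else path.split(" ")[0]
    return " " in exe


def audit_windows_services(service_paths: dict) -> list:
    """Return the names of services whose ImagePath needs quoting."""
    return [name for name, path in service_paths.items()
            if is_unquoted_service_path(path)]


# Constructed sample: (path, st_mode, st_uid) as os.lstat would report them.
LINUX_FILES = [
    ("/usr/bin/passwd", 0o104755, 0),        # setuid root, distribution-managed
    ("/opt/tool/helper", 0o104777, 0),       # setuid root AND world-writable
    ("/home/dev/script.sh", 0o100755, 1000),  # no setuid/setgid bit, ignored
    ("/usr/local/bin/backup", 0o106755, 0),  # setuid+setgid root, locally installed
]

# Directories where package-managed setuid binaries are normally expected.
EXPECTED_SUID_DIRS = ("/usr/bin/", "/usr/sbin/", "/bin/", "/sbin/")


def find_risky_suid(files: list) -> list:
    """Return (path, [reasons]) for setuid/setgid files that need review.

    Two conditions are flagged: a setuid/setgid file that any user can modify
    (the bit survives, so the file's contents now run with elevated rights), and
    a root-owned setuid/setgid binary outside the usual package-managed
    directories, which is where hand-installed or forgotten helpers tend to live.
    """
    findings = []
    for path, mode, uid in files:
        if not mode & (stat.S_ISUID | stat.S_ISGID):
            continue
        reasons = []
        if mode & stat.S_IWOTH:
            reasons.append("world-writable setuid/setgid file")
        if uid == 0 and not path.startswith(EXPECTED_SUID_DIRS):
            reasons.append("root-owned setuid/setgid binary outside package-managed dirs")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for name in audit_windows_services(WINDOWS_SERVICE_PATHS):
        print(f"[windows] unquoted service path: {name}")
    for path, reasons in find_risky_suid(LINUX_FILES):
        print(f"[linux] {path}: {'; '.join(reasons)}")
```

On the constructed samples only BadSvc and the two non-standard setuid files are reported; a real sweep would replace the sample data with values read from the SCM registry keys or from walking the filesystem with os.lstat, and each finding maps to a concrete remediation (quote the path, clear the setuid bit or tighten the mode, or justify and document the binary).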
Related Access Control terms
Access Control List (ACL)
A list of permissions attached to an object that specifies which users or system processes are granted access to resources and what operations they can perform. ACLs are implemented in routers, firewalls, and operating systems to filter traffic and restrict file access. They can be standard (filtering by source IP only) or extended (filtering by source, destination, port, and protocol). In cybersecurity certifications like CISSP and Security+, understanding ACLs is essential for network security and access management domains.
Authentication
The process of verifying the identity of a user, device, or system before granting access to resources. Authentication typically relies on one or more factors: something you know (password), something you have (token or smart card), or something you are (biometric). Modern systems often combine multiple factors (MFA) to strengthen security. Common authentication protocols include Kerberos, LDAP, OAuth 2.0, and SAML. Authentication is a foundational concept tested across nearly every cybersecurity certification.
Authorization
The process of determining what resources or actions an authenticated user is permitted to access. While authentication verifies identity, authorization enforces permissions based on policies, roles, or attributes. Common models include discretionary access control (DAC), mandatory access control (MAC), role-based access control (RBAC), and attribute-based access control (ABAC). Authorization failures are a leading cause of data breaches, making this a critical topic in CISSP, Security+, and OWASP Top 10 studies.
Multi-Factor Authentication (MFA)
A security mechanism that requires two or more independent credentials to verify a user's identity, combining factors from different categories: knowledge (passwords, PINs), possession (hardware tokens, smartphones), and inherence (fingerprints, facial recognition). MFA significantly reduces the risk of account compromise — Microsoft reports it blocks over 99.9% of automated attacks. It is required by many compliance frameworks including PCI DSS, HIPAA, and NIST 800-63. MFA implementation is a key topic in Security+, CISSP, and cloud security certifications.
Single Sign-On (SSO)
An authentication scheme that allows a user to log in with a single set of credentials to access multiple applications and services without re-authenticating. SSO improves user experience and reduces password fatigue, but creates a single point of failure if the identity provider is compromised. Common SSO protocols include SAML 2.0, OAuth 2.0, and OpenID Connect. Enterprise SSO solutions often integrate with Active Directory or cloud identity providers like Okta and Azure AD. SSO is covered in CISSP Domain 5 (Identity and Access Management) and Security+.
Zero Trust
A security model that requires strict identity verification for every person and device attempting to access resources, regardless of whether they are inside or outside the network perimeter. Zero Trust operates on the principle of 'never trust, always verify' and assumes that breaches are inevitable. Key pillars include micro-segmentation, least privilege access, continuous verification, and real-time monitoring. The NIST SP 800-207 framework provides guidance for implementing Zero Trust architectures. This model has become a dominant security strategy and is increasingly tested in CISSP, Security+, and cloud security certifications.