Privilege Escalation

$99.00

-

CyberQ Skill Packs provide direct hands-on, practical experiences in the EC-Council Cyber Range Platform. The CyberQ Skill Pack – Privilege Escalation provides an assembly of 10 distinct exercises in in various techniques used in Privilege Escalation. Purchasing this product will enable the Learning Path in your CyberQ Account providing up to three attempts for each challenge.

    Description

    Privileges are a security role assigned to users for using specific programs, features, OS’s, functions, files or codes, etc., to limit their access by different types of users. If a user is assigned more privileges, he/she can modify or interact with more restricted parts of the system or application than less privileged users. Attackers initially gain system access with low privilege and then try to gain more privileges to perform activities restricted from less privileged users. A privilege escalation attack is the process of gaining more privileges than were initially acquired.

    In a privilege escalation attack, attackers first gain access to the network using a non-admin user account and then try to gain administrative privileges. Attackers employ design flaws, programming errors, bugs, and configuration oversights in the OS and software application to gain administrative access to the network and its associated applications.

    Once an attacker has gained access to a remote system with a valid username and password, he/she will attempt to escalate the user account to one with increased privileges, such as that of an administrator, to perform restricted operations. These privileges allow the attacker to view critical/sensitive information, delete files, or install malicious programs such as viruses, Trojans, worms, etc.

    Types of Privilege Escalation

    Privilege escalation is required when you want to access the system resources that you are not authorized to access. Privilege escalation takes place in two forms: vertical privilege escalation and horizontal privilege escalation.

    • Horizontal Privilege Escalation: In a horizontal privilege escalation, the unauthorized user tries to access the resources, functions, and other privileges that belong to an authorized user who has similar access permissions. For instance, online banking user A can easily access user B’s bank account.
    • Vertical Privilege Escalation: In a vertical privilege escalation, the unauthorized user tries to gain access to the resources and functions of a user with higher privileges, such as application or site administrators. For example, someone using online banking can access the site using administrative functions.

    Privilege Escalation Techniques Covered in the Learning Path:

    • Command injection for Privilege Escalation
    • Kernel Vulnerability Exploitation for Privilege Escalation
    • Script Injection for Privilege Escalation
    • Privilege Escalation Script
    • msfvenom Privilege Escalation Exploit
    • Kernel Vulnerability Exploitation for Privilege Escalation
    • Local Privilege Escalation
    • Privilege Escalation Exploit
    • Application Vulnerability Exploitation for Privilege Escalation
    Skill ID Statement
    S0001 Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
    S0009 Skill in assessing the robustness of security systems and designs.
    S0044 Skill in mimicking threat behaviors.
    S0051 Skill in the use of penetration testing tools and techniques.
    S0137 Skill in conducting application vulnerability assessments.
    S0364 Skill to develop insights about the context of an organization’s threat environment
    • Blue Team Technician
    • Red Team Technician
    • Computer Network Defense (CND) Auditor
    • Ethical Hacker
    • Information Security Engineer
    • Internal Enterprise Auditor
    • Penetration Tester
    • Network Security Engineer
    • Reverse Engineer
    • Risk/Vulnerability Analyst
    • Technical Surveillance Countermeasures Technician
    • Vulnerability Manager

    Environment Screenshots