TA0004 · ATT&CK 14.1
TA0004 Privilege Escalation
Description
The adversary is trying to gain higher-level permissions.
Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Examples of elevated access include:
* SYSTEM/root level
* local administrator
* user account with admin-like access
* user accounts with access to a specific system or that perform a specific function
These techniques often overlap with Persistence techniques, as OS features that let an adversary persist can execute in an elevated context.
Techniques in this tactic · 18
* T1037 Boot or Logon Initialization Scripts
* T1053 Scheduled Task/Job
* T1055 Process Injection
* T1068 Exploitation for Privilege Escalation
* T1078 Valid Accounts
* T1098 Account Manipulation
* T1134 Access Token Manipulation
* T1484 Domain Policy Modification
* T1502 Parent PID Spoofing
* T1504 PowerShell Profile
* T1514 Elevated Execution with Prompt
* T1519 Emond
* T1543 Create or Modify System Process
* T1546 Event Triggered Execution
* T1547 Boot or Logon Autostart Execution
* T1548 Abuse Elevation Control Mechanism
* T1574 Hijack Execution Flow
* T1611 Escape to Host
Sub-techniques in this tactic · 93
T1037.001, T1037.002, T1037.003, T1037.004, T1037.005, T1053.001, T1053.002, T1053.003, T1053.004, T1053.005, T1053.006, T1053.007, T1055.001, T1055.002, T1055.003, T1055.004, T1055.005, T1055.008, T1055.009, T1055.011, T1055.012, T1055.013, T1055.014, T1055.015, T1078.001, T1078.002, T1078.003, T1078.004, T1098.001, T1098.002, T1098.003, T1098.004, T1098.005, T1098.006, T1134.001, T1134.002, T1134.003, T1134.004, T1134.005, T1484.001, +53 more