Privilege Escalation

00:01

Hey, everyone, welcome back to the course. So in this video, we're gonna cover a brief introduction to privilege escalation. So we'll talk about the different types of privilege escalation. We also talk about some ways we can help prevent against privilege escalation attacks.

00:15

So the two main types of privilege escalation are vertical and horizontal. So with vertical, this is where we get some kind of user account on the device. And then from there we escalated privileges. So we try to get, for example, that local admin account to be able to then move laterally across the network.

00:32

A lot of times we can get this because the user themselves are using a week password, right? So password 1234 or a short password that's easily decibel.

00:42

We could also do this through a vulnerability so that the device is vulnerable to a privilege escalation, exploitation. We can connect to the device, perform that attack and gain access to that account.

00:56

And also, many windows applications don't use a fully qualified path when they load the external dll libraries

01:03

eso they search in that directory that they've been loaded from. So if basically, if the attacker can put a malicious DLL in that directory. Then it's gonna be executed by that application.

01:19

And then we have horizontal privilege escalation, which is basically just pivoting from that same type of user account. So let's say that I'm just a guest user on a device. I then pivot to another device on the network with the same amount of privileges.

01:34

I could do this by doing things like capturing that access token

01:38

as well as process hijacking.

01:42

So how can we defend against privilege escalation attacks while using things like encryption techniques to protect our sensitive data, using released privileges or running users and applications with the bare minimum privileges that they need to actually execute, using things like multi factor authentication and authorization?

02:00

The bugging so checking bounds right, performing using performing bounds, checking a zealous stress, testing of our applications

02:09

and performing vulnerability scanning so we can find those vulnerabilities before they're exploited by an attacker

02:16

as well, a separating privileges. So making sure that

02:20

if I've got certain admin rights, I don't have all of the rights or all the keys to the kingdom. It's separated amongst individuals or applications as well as patching right if we find vulnerabilities. Israel patch for that. And if so, we need to make sure we apply that to the host machine.

02:38

So just a quick, quick question here for you. Syriza sys admin That needs to add security because the counting teams using weaker passwords. What's something that Sarah can implement for that particular team

02:47

is a vulnerability. Scans on a host, adding multi factor authentication or patching the host machines?

02:54

Right. So the best answer here is also the simplest one, adding multi factor authentication. So that way, if I as an attacker do get that password I can. You can help protect the device a little bit better, because there's a secondary step there where it sends him a code or the using authenticator app.