Privilege escalation in Windows is the process of gaining administrative access to perform certain tasks, such as changing system settings, installing and uninstalling programs, or accessing protected files and folders.
It may be made possible by vulnerabilities in the system, services, or applications that allow attackers to gain control of the system.
Windows Privilege Escalation Methods:
⏺ User Account Control (UAC) Bypass. For example, abusing legitimate Windows utilities that are automatically granted administrator privileges, spoofing their invocation so that they run the attacker's own code;
⏺ Kernel Exploits. Vulnerabilities in drivers or in the Windows kernel itself grant complete control;
⏺ DLL Hijacking. An attacker replaces a legitimate DLL with a malicious one, which is then loaded by a trusted application;
⏺ Misconfigured Services. Services with incorrectly assigned permissions can be restarted with code of the attacker's choosing;
⏺ Scheduled Tasks. Modifying tasks in the scheduler so that they run with SYSTEM permissions.
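An added defensive check for the misconfigured-services item (not part of the original page): it parses service security descriptors in the SDDL form printed by `sc sdshow` and flags allow ACEs that give broad groups rights to change the service. The service names and SDDL strings are constructed samples, and the function names are this example's own.

```python
import re

# Access rights that let the holder change what a service runs, with their mask bits:
# DC SERVICE_CHANGE_CONFIG, WD WRITE_DAC, WO WRITE_OWNER, GA GENERIC_ALL, GW GENERIC_WRITE.
RISKY = {"DC": 0x2, "WD": 0x40000, "WO": 0x80000, "GA": 0x10000000, "GW": 0x40000000}

# SDDL abbreviations of broad, low-privileged trustees.
BROAD = {"WD": "Everyone", "AU": "Authenticated Users", "BU": "Users",
         "IU": "Interactive", "AN": "Anonymous", "BG": "Guests"}

def risky_rights(field):
    """Risky rights named in an ACE rights field (letter pairs or a hex mask)."""
    if field.lower().startswith("0x"):
        mask = int(field, 16)
        return [name for name, bit in RISKY.items() if mask & bit]
    pairs = re.findall("..", field)
    return [name for name in RISKY if name in pairs]

def audit_service_sddl(sddl):
    """Return [(trustee, [rights])] for allow ACEs that give broad groups risky rights."""
    # Take only the DACL: "D:", optional flags, then the ACE list. The SACL ("S:") is skipped.
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    findings = []
    if not dacl:
        return findings
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":   # allow ACEs only
            continue
        rights, trustee = risky_rights(fields[2]), fields[5]
        if rights and trustee in BROAD:
            findings.append((BROAD[trustee], rights))
    return findings

# Constructed samples in the format printed by `sc sdshow <service>`.
SAMPLES = {
    "DefaultLikeSvc": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                      "(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)",
    "WeakSvc": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)"
               "(A;;0x40002;;;BU)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, audit_service_sddl(sddl) or "ok")
```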