Privilege Escalation (13 techniques)
Gaining higher-level permissions on a system or network.
The Privilege Escalation tactic groups MITRE ATT&CK techniques used by adversaries to gain higher-level permissions on a system or network. Each technique below has its own page with detection guidance, platforms, and sub-techniques.
- T1037 — Boot or Logon Initialization Scripts (Platforms: ESXi, Linux, macOS, Network Devices, Windows)
- T1053 — Scheduled Task/Job (Platforms: Containers, ESXi, Linux, macOS, Network Devices, Windows)
- T1055 — Process Injection (Platforms: Linux, macOS, Windows)
- T1068 — Exploitation for Privilege Escalation (Platforms: Containers, Linux, macOS, Windows)
- T1078 — Valid Accounts (Platforms: Containers, ESXi, IaaS, Identity Provider, Linux, macOS, Network Devices, Office Suite, SaaS, Windows)
- T1098 — Account Manipulation (Platforms: Containers, ESXi, IaaS, Identity Provider, Linux, macOS, Network Devices, Office Suite, SaaS, Windows)
- T1134 — Access Token Manipulation (Platforms: Windows)
- T1484 — Domain or Tenant Policy Modification (Platforms: Windows, Identity Provider)
- T1543 — Create or Modify System Process (Platforms: Containers, Linux, macOS, Windows)
- T1546 — Event Triggered Execution (Platforms: Linux, macOS, Windows, SaaS, IaaS, Office Suite)
- T1547 — Boot or Logon Autostart Execution (Platforms: Linux, macOS, Windows, Network Devices)
- T1548 — Abuse Elevation Control Mechanism (Platforms: Linux, macOS, Windows, IaaS, Office Suite, Identity Provider)
- T1611 — Escape to Host (Platforms: Windows, Linux, Containers, ESXi)