Stage 5: Privilege Escalation

Stage 5 of the cyberattack lifecycle: Privilege Escalation. The attacker elevates their access from a standard user to administrator or root — gaining the power to control critical systems and disable security controls.

Attacker Goal

Obtain higher-level permissions to control critical systems, disable security tools, and prepare for the final attack stages.

MITRE ATT&CK Techniques

T1068T1055T1134T1548T1078.003T1484

Stage Description

The attacker elevates their access from a standard user to administrator or root — gaining the power to control critical systems and disable security controls.

Common Entry Vectors

• Exploiting software vulnerabilities to gain elevated privileges
• Token manipulation to impersonate privileged accounts
• Abusing misconfigured sudo rules in Linux systems
• UAC bypass techniques on Windows systems
• Exploiting group policy and Active Directory misconfigurations

Typical Attacker Actions

• Exploits local vulnerabilities to gain administrator rights
• Manipulates access tokens to impersonate privileged users
• Abuses service accounts with excessive permissions
• Modifies group policies to expand access
• Disables security tools and logging after gaining admin access

What Purim NetGo Delivers at This Stage

• Escalation Detection — catch privilege abuse immediately
• Admin Account Monitoring — protect your highest-value credentials
• Early Warning — detect before admin access is weaponized
• Complete Intelligence — know exactly who, what, and from where
• Critical Asset Protection — guard your most sensitive accounts