What is privilege escalation?
Answer
Privilege escalation is an attack in which an attacker obtains access rights beyond those they were granted. There are two types.

Vertical escalation: gaining higher privileges than your account should have (regular user → admin/root). Typically exploits kernel vulnerabilities, SUID/SGID binaries, sudo misconfiguration, service vulnerabilities, or token impersonation (Windows).

Horizontal escalation: accessing the resources of another user at the same privilege level (user A accessing user B's data).

Common techniques: exploiting SUID binaries (find / -perm -4000), sudo misconfiguration (sudo -l), writable cron jobs, unquoted service paths (Windows), DLL hijacking, kernel exploits, credential harvesting.

Prevention: (1) Least privilege principle. (2) Regular patching. (3) Audit SUID binaries and sudo rules. (4) Application whitelisting. (5) Monitor for anomalous privilege usage. (6) PAM (Privileged Access Management) for admin accounts.

Privilege escalation is a critical step in the attack kill chain, following initial access.