📈 Active Directory Privilege Escalation
Complete guide to privilege escalation techniques in Active Directory environments
💻 Local Privilege Escalation
Unquoted Service Paths
Description: Exploiting services with unquoted paths containing spaces
Tools:
MITRE ATT&CK: N/A
Detection: N/A
Weak Service Permissions
Description: Modifying service binaries or configurations
Tools:
MITRE ATT&CK: N/A
Detection: N/A
AlwaysInstallElevated
Description: MSI packages installing with SYSTEM privileges
Tools:
MITRE ATT&CK: N/A
Detection: N/A
Token Impersonation
Description: Stealing SYSTEM or admin tokens
Tools:
MITRE ATT&CK: N/A
Detection: N/A
Scheduled Tasks
Description: Hijacking scheduled tasks running as privileged users
Tools:
MITRE ATT&CK: N/A
Detection: N/A
🏢 Domain Privilege Escalation
Group Policy Preferences (GPP) Passwords
Description: Extracting passwords from Group Policy Preferences files
Tools:
MITRE ATT&CK: N/A
Detection: N/A
Kerberos Delegation Abuse
Description: Exploiting constrained and unconstrained delegation
Tools:
MITRE ATT&CK: N/A
Detection: N/A
DNSAdmins Group Abuse
Description: Loading a DLL into the DNS Server service as a DNSAdmins member for SYSTEM code execution
Tools:
MITRE ATT&CK: N/A
Detection: N/A
Backup Operators Abuse
Description: Abusing backup privileges to access sensitive files
Tools:
MITRE ATT&CK: N/A
Detection: N/A
Exchange Windows Permissions
Description: Abusing Exchange permissions for DCSync rights
Tools:
MITRE ATT&CK: N/A
Detection: N/A
↔️ Lateral Movement Paths
- User -> Workstation Admin -> Server Admin -> Domain Admin
- Service Account -> Database Server -> Backup Server -> Domain Controller
- Help Desk -> User Reset -> Password Spray -> Privilege Escalation
- Phishing -> User Account -> Kerberoasting -> Service Admin -> DA
- External Access -> VPN -> Internal Network -> AD Enumeration -> Escalation