Home
ATT&CK Techniques
T1548 Abuse Elevation Control Mechanism

T1548 Abuse Elevation Control Mechanism Mappings

Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
AC-16	Security and Privacy Attributes	Protects	T1548	Abuse Elevation Control Mechanism
AC-02	Account Management	Protects	T1548	Abuse Elevation Control Mechanism
AC-03	Access Enforcement	Protects	T1548	Abuse Elevation Control Mechanism
AC-05	Separation of Duties	Protects	T1548	Abuse Elevation Control Mechanism
AC-06	Least Privilege	Protects	T1548	Abuse Elevation Control Mechanism
CA-07	Continuous Monitoring	Protects	T1548	Abuse Elevation Control Mechanism
CA-08	Penetration Testing	Protects	T1548	Abuse Elevation Control Mechanism
CM-02	Baseline Configuration	Protects	T1548	Abuse Elevation Control Mechanism
CM-05	Access Restrictions for Change	Protects	T1548	Abuse Elevation Control Mechanism
CM-06	Configuration Settings	Protects	T1548	Abuse Elevation Control Mechanism
CM-07	Least Functionality	Protects	T1548	Abuse Elevation Control Mechanism
CM-08	System Component Inventory	Protects	T1548	Abuse Elevation Control Mechanism
IA-02	Identification and Authentication (organizational Users)	Protects	T1548	Abuse Elevation Control Mechanism
RA-05	Vulnerability Monitoring and Scanning	Protects	T1548	Abuse Elevation Control Mechanism
SC-18	Mobile Code	Protects	T1548	Abuse Elevation Control Mechanism
SC-34	Non-modifiable Executable Programs	Protects	T1548	Abuse Elevation Control Mechanism
SI-12	Information Management and Retention	Protects	T1548	Abuse Elevation Control Mechanism
SI-16	Memory Protection	Protects	T1548	Abuse Elevation Control Mechanism
SI-03	Malicious Code Protection	Protects	T1548	Abuse Elevation Control Mechanism
SI-04	System Monitoring	Protects	T1548	Abuse Elevation Control Mechanism
SI-07	Software, Firmware, and Information Integrity	Protects	T1548	Abuse Elevation Control Mechanism
PUR-AS-E5	Audit Solutions	Technique Scores	T1548	Abuse Elevation Control Mechanism
DEF-SecScore-E3	Secure Score	Technique Scores	T1548	Abuse Elevation Control Mechanism
DO365-AG-E5	App Governance	Technique Scores	T1548	Abuse Elevation Control Mechanism

ATT&CK Subtechniques

Technique ID	Technique Name	Number of Mappings
T1548.002	Bypass User Account Control	12
T1548.003	Sudo and Sudo Caching	13
T1548.001	Setuid and Setgid	3
T1548.005	Temporary Elevated Cloud Access	7
T1548.004	Elevated Execution with Prompt	11