T1068 Exploitation for Privilege Escalation Mappings

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation, including software exploitation, to circumvent those restrictions.

When initially gaining access to a system, an adversary may be operating within a lower-privileged process, which will prevent them from accessing certain resources on the system. Vulnerabilities may exist, usually in operating system components and software commonly running at higher permissions, that can be exploited to gain higher levels of access on the system. This could enable someone to move from unprivileged or user-level permissions to SYSTEM or root permissions, depending on the component that is vulnerable. This may be a necessary step for an adversary compromising an endpoint system that has been properly configured and limits other privilege escalation methods.


Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-2 | Account Management | Protects | T1068 | Exploitation for Privilege Escalation |
| AC-4 | Information Flow Enforcement | Protects | T1068 | Exploitation for Privilege Escalation |
| AC-6 | Least Privilege | Protects | T1068 | Exploitation for Privilege Escalation |
| CA-7 | Continuous Monitoring | Protects | T1068 | Exploitation for Privilege Escalation |
| CA-8 | Penetration Testing | Protects | T1068 | Exploitation for Privilege Escalation |
| CM-2 | Baseline Configuration | Protects | T1068 | Exploitation for Privilege Escalation |
| CM-6 | Configuration Settings | Protects | T1068 | Exploitation for Privilege Escalation |
| CM-8 | System Component Inventory | Protects | T1068 | Exploitation for Privilege Escalation |
| RA-10 | Threat Hunting | Protects | T1068 | Exploitation for Privilege Escalation |
| RA-5 | Vulnerability Monitoring and Scanning | Protects | T1068 | Exploitation for Privilege Escalation |
| SC-18 | Mobile Code | Protects | T1068 | Exploitation for Privilege Escalation |
| SC-2 | Separation of System and User Functionality | Protects | T1068 | Exploitation for Privilege Escalation |
| SC-26 | Decoys | Protects | T1068 | Exploitation for Privilege Escalation |
| SC-29 | Heterogeneity | Protects | T1068 | Exploitation for Privilege Escalation |
| SC-3 | Security Function Isolation | Protects | T1068 | Exploitation for Privilege Escalation |
| SC-30 | Concealment and Misdirection | Protects | T1068 | Exploitation for Privilege Escalation |
| SC-35 | External Malicious Code Identification | Protects | T1068 | Exploitation for Privilege Escalation |
| SC-39 | Process Isolation | Protects | T1068 | Exploitation for Privilege Escalation |
| SC-7 | Boundary Protection | Protects | T1068 | Exploitation for Privilege Escalation |
| SI-2 | Flaw Remediation | Protects | T1068 | Exploitation for Privilege Escalation |
| SI-3 | Malicious Code Protection | Protects | T1068 | Exploitation for Privilege Escalation |
| SI-4 | System Monitoring | Protects | T1068 | Exploitation for Privilege Escalation |
| SI-5 | Security Alerts, Advisories, and Directives | Protects | T1068 | Exploitation for Privilege Escalation |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1068 | Exploitation for Privilege Escalation |
| alerts_for_windows_machines | Alerts for Windows Machines | technique_scores | T1068 | Exploitation for Privilege Escalation |
| azure_security_center_recommendations | Azure Security Center Recommendations | technique_scores | T1068 | Exploitation for Privilege Escalation |
| linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | technique_scores | T1068 | Exploitation for Privilege Escalation |
| azure_defender_for_resource_manager | Azure Defender for Resource Manager | technique_scores | T1068 | Exploitation for Privilege Escalation |
| azure_sentinel | Azure Sentinel | technique_scores | T1068 | Exploitation for Privilege Escalation |
| azure_defender_for_kubernetes | Azure Defender for Kubernetes | technique_scores | T1068 | Exploitation for Privilege Escalation |
| azure_automation_update_management | Azure Automation Update Management | technique_scores | T1068 | Exploitation for Privilege Escalation |
| azure_policy | Azure Policy | technique_scores | T1068 | Exploitation for Privilege Escalation |
| azure_defender_for_app_service | Azure Defender for App Service | technique_scores | T1068 | Exploitation for Privilege Escalation |
| azure_defender_for_container_registries | Azure Defender for Container Registries | technique_scores | T1068 | Exploitation for Privilege Escalation |
| sql_vulnerability_assessment | SQL Vulnerability Assessment | technique_scores | T1068 | Exploitation for Privilege Escalation |
| integrated_vulnerability_scanner_powered_by_qualys | Integrated Vulnerability Scanner Powered by Qualys | technique_scores | T1068 | Exploitation for Privilege Escalation |
| docker_host_hardening | Docker Host Hardening | technique_scores | T1068 | Exploitation for Privilege Escalation |