T1548 Abuse Elevation Control Mechanism Mappings

Adversaries may circumvent mechanisms designed to control elevated privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit the privileges a user can exercise on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can use several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.


Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-16 | Security and Privacy Attributes | Protects | T1548 | Abuse Elevation Control Mechanism |
| AC-2 | Account Management | Protects | T1548 | Abuse Elevation Control Mechanism |
| AC-3 | Access Enforcement | Protects | T1548 | Abuse Elevation Control Mechanism |
| AC-5 | Separation of Duties | Protects | T1548 | Abuse Elevation Control Mechanism |
| AC-6 | Least Privilege | Protects | T1548 | Abuse Elevation Control Mechanism |
| CA-7 | Continuous Monitoring | Protects | T1548 | Abuse Elevation Control Mechanism |
| CA-8 | Penetration Testing | Protects | T1548 | Abuse Elevation Control Mechanism |
| CM-2 | Baseline Configuration | Protects | T1548 | Abuse Elevation Control Mechanism |
| CM-5 | Access Restrictions for Change | Protects | T1548 | Abuse Elevation Control Mechanism |
| CM-6 | Configuration Settings | Protects | T1548 | Abuse Elevation Control Mechanism |
| CM-7 | Least Functionality | Protects | T1548 | Abuse Elevation Control Mechanism |
| CM-8 | System Component Inventory | Protects | T1548 | Abuse Elevation Control Mechanism |
| IA-2 | Identification and Authentication (Organizational Users) | Protects | T1548 | Abuse Elevation Control Mechanism |
| RA-5 | Vulnerability Monitoring and Scanning | Protects | T1548 | Abuse Elevation Control Mechanism |
| SC-18 | Mobile Code | Protects | T1548 | Abuse Elevation Control Mechanism |
| SC-34 | Non-modifiable Executable Programs | Protects | T1548 | Abuse Elevation Control Mechanism |
| SI-12 | Information Management and Retention | Protects | T1548 | Abuse Elevation Control Mechanism |
| SI-16 | Memory Protection | Protects | T1548 | Abuse Elevation Control Mechanism |
| SI-3 | Malicious Code Protection | Protects | T1548 | Abuse Elevation Control Mechanism |
| SI-4 | System Monitoring | Protects | T1548 | Abuse Elevation Control Mechanism |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1548 | Abuse Elevation Control Mechanism |
| alerts_for_windows_machines | Alerts for Windows Machines | technique_scores | T1548 | Abuse Elevation Control Mechanism |
| azure_sentinel | Azure Sentinel | technique_scores | T1548 | Abuse Elevation Control Mechanism |
| file_integrity_monitoring | File Integrity Monitoring | technique_scores | T1548 | Abuse Elevation Control Mechanism |
| docker_host_hardening | Docker Host Hardening | technique_scores | T1548 | Abuse Elevation Control Mechanism |

ATT&CK Subtechniques

| Technique ID | Technique Name | Number of Mappings |
|---|---|---|
| T1548.002 | Bypass User Account Control | 15 |
| T1548.004 | Elevated Execution with Prompt | 11 |
| T1548.001 | Setuid and Setgid | 4 |
| T1548.003 | Sudo and Sudo Caching | 14 |