Esc

Exploitation for Privilege Escalation - T1068

(ATT&CK® Technique)

Definition

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.

D3FEND Inferred Relationships

Browse the D3FEND knowledge graph by clicking on the nodes below.

        graph LR;

     T1068["Exploitation for Privilege Escalation"] --> |may-modify| StackFrame["Stack Frame"]; class T1068 OffensiveTechniqueNode;
        class StackFrame ArtifactNode; click StackFrame href "/dao/artifact/d3f:StackFrame";
        click T1068 href "/offensive-technique/attack/T1068/"; click StackFrame href "/dao/artifact/d3f:StackFrame"; T1068["Exploitation for Privilege Escalation"] --> |modifies| ProcessCodeSegment["Process Code Segment"]; class T1068 OffensiveTechniqueNode;
        class ProcessCodeSegment ArtifactNode; click ProcessCodeSegment href "/dao/artifact/d3f:ProcessCodeSegment";
        click T1068 href "/offensive-technique/attack/T1068/"; click ProcessCodeSegment href "/dao/artifact/d3f:ProcessCodeSegment";                          SegmentAddressOffsetRandomization["Segment Address Offset Randomization"] -->
          | obfuscates | ProcessCodeSegment["Process Code Segment"];

          SegmentAddressOffsetRandomization["Segment Address Offset Randomization"] -.->
            | may-harden | T1068["Exploitation for Privilege Escalation"] ;
          class SegmentAddressOffsetRandomization DefensiveTechniqueNode;
          class ProcessCodeSegment ArtifactNode;
          click SegmentAddressOffsetRandomization href "/technique/d3f:SegmentAddressOffsetRandomization"; StackFrameCanaryValidation["Stack Frame Canary Validation"] -->
          | validates | StackFrame["Stack Frame"];

          StackFrameCanaryValidation["Stack Frame Canary Validation"] -.->
            | may-harden | T1068["Exploitation for Privilege Escalation"] ;
          class StackFrameCanaryValidation DefensiveTechniqueNode;
          class StackFrame ArtifactNode;
          click StackFrameCanaryValidation href "/technique/d3f:StackFrameCanaryValidation"; MemoryBoundaryTracking["Memory Boundary Tracking"] -->
          | analyzes | ProcessCodeSegment["Process Code Segment"];

          MemoryBoundaryTracking["Memory Boundary Tracking"] -.->
            | may-detect | T1068["Exploitation for Privilege Escalation"] ;
          class MemoryBoundaryTracking DefensiveTechniqueNode;
          class ProcessCodeSegment ArtifactNode;
          click MemoryBoundaryTracking href "/technique/d3f:MemoryBoundaryTracking";                                        ProcessCodeSegmentVerification["Process Code Segment Verification"] -->
          | verifies | ProcessCodeSegment["Process Code Segment"];

          ProcessCodeSegmentVerification["Process Code Segment Verification"] -.->
            | may-detect | T1068["Exploitation for Privilege Escalation"] ;
          class ProcessCodeSegmentVerification DefensiveTechniqueNode;
          class ProcessCodeSegment ArtifactNode;
          click ProcessCodeSegmentVerification href "/technique/d3f:ProcessCodeSegmentVerification"; ShadowStackComparisons["Shadow Stack Comparisons"] -->
          | analyzes | StackFrame["Stack Frame"];

          ShadowStackComparisons["Shadow Stack Comparisons"] -.->
            | may-detect | T1068["Exploitation for Privilege Escalation"] ;
          class ShadowStackComparisons DefensiveTechniqueNode;
          class StackFrame ArtifactNode;
          click ShadowStackComparisons href "/technique/d3f:ShadowStackComparisons"; ProcessSegmentExecutionPrevention["Process Segment Execution Prevention"] -->
          | neutralizes | ProcessCodeSegment["Process Code Segment"];

          ProcessSegmentExecutionPrevention["Process Segment Execution Prevention"] -.->
            | may-harden | T1068["Exploitation for Privilege Escalation"] ;
          class ProcessSegmentExecutionPrevention DefensiveTechniqueNode;
          class ProcessCodeSegment ArtifactNode;
          click ProcessSegmentExecutionPrevention href "/technique/d3f:ProcessSegmentExecutionPrevention";

json