T1548
Abuse Elevation Control Mechanism
Description
Adversaries may circumvent mechanisms designed to control privilege elevation in order to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit the privileges a user can exercise on a machine. Authorization has to be granted to specific users in order to perform tasks that are considered higher risk.(Citation: TechNet How UAC Works)(Citation: sudo man page 2018) An adversary can use several methods to take advantage of these built-in control mechanisms in order to escalate privileges on a system.(Citation: OSX Keydnap malware)(Citation: Fortinet Fareit)
Platforms
Mitigations
- M1038 — Execution Prevention
- M1028 — Operating System Configuration
- M1051 — Update Software
- M1052 — User Account Control
- M1026 — Privileged Account Management
- M1018 — User Account Management
- M1047 — Audit
- M1022 — Restrict File and Directory Permissions
Our coverage
- PCPJack Cloud Worm Evicts TeamPCP and Steals 40+ Credential Types at Scale
- Attackers Abuse Bun JavaScript Runtime to Spread NWHStealer Infostealer
- DEEP#DOOR Python Backdoor Detection: YARA Rules, Network IOCs, and Credential Theft Defences
Source: MITRE ATT&CK Enterprise matrix (attack.mitre.org).