Privilege Escalation

Privilege Escalation explores the tactical "jump" attackers take to move from restricted access to total administrative control. This tag covers the mechanics of account takeover (ATO), the abuse of system impersonation tokens, and architectural flaws like PhantomRPC. By analyzing how low-privileged services are used as jump-points to SYSTEM level authority, we provide defenders with the behavioral insights needed to break the attack chain before it reaches critical infrastructure.

Microsoft Patches Critical Entra ID Role Flaw That Enabled Service-Principal Takeover

PhantomRPC: A New Windows RPC Privilege Escalation Technique