task2

Penetration Test Proposal

Deliverable 2: Topic

Name:

Course Number and Section:

Instructor:

Date:

Topic

Overview

Privilege Escalation is a threat vector which permits hackers to enter into the infrastructure of organizations to gain access to sensitive information and steal from organizations.

Scope

Privilege escalation becomes easy when organizations do not have an adequate security system to keep hackers from entering into their systems easily.

Privileges can be escalated using the following techniques

Checklist

Access token handling: In this technique Hackers can gain access tokens by stealing them, creating process with them or by making and impersonating them. By the use of Duplicate Token(Ex), a new token can be created that can duplicate an already existing token.

Bypassing the user access control: The UAC (User Account Control) often has security gaps and if the protection level is not set to the highest level, hackers can often gain access to personal information.

Valid Accounts:

Users can hack into various systems and gain access to valid user accounts which helps them look authorized users on the internet, through these valid accounts they can contact companies and ask for confidential information without being detected.

Ethical Considerations

I would establish my command and control communication channel by choosing from connection proxy, data encoding, commonly used port, multi-hip proxy, data obfuscation or fallback channels. My first choice would be connection proxy because it evades any direct connection that could link me to my infrastructure. It also helps in building trusted communications by riding over existing paths that sidestep doubt between targets.

References

Banach, Z. (2019, August 2). What Is Privilege Escalation and Why Is It Important? Retrieved February 20, 2020, from https://www.netsparker.com/blog/web-security/privilege-escalation/

.