T1548

Linux macOS Windows IaaS Office Suite Identity Provider
Abuse Elevation Control Mechanism

Description

Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine.

Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.

Sub-techniques

T1548.001 — Setuid and Setgid T1548.002 — Bypass User Account Control T1548.003 — Sudo and Sudo Caching T1548.004 — Elevated Execution with Prompt T1548.005 — Temporary Elevated Cloud Access T1548.006 — TCC Manipulation