Windows Privilege Escalation
A practical Windows Privilege Escalation cheat sheet and reference guide designed for penetration testers, red teamers, and cybersecurity learners to understand how attackers escalate privileges on Windows systems during post-exploitation.
| # | Topic | Description | Article |
|---|---|---|---|
| 1 | AlwaysInstallElevated | Abuse MSI installer policy to execute payloads with SYSTEM privileges | Read Article |
| 2 | SeBackupPrivilege | Abuse backup privileges to read sensitive system files like SAM and NTDS | Read Article |
| 3 | DnsAdmins to DomainAdmin | Escalate privileges from DNSAdmins group to Domain Admin | Read Article |
| 4 | SeImpersonatePrivilege | Exploit token impersonation privileges for privilege escalation | Read Article |
| 5 | HiveNightmare | Exploit vulnerable permissions on registry hives to dump credentials | Read Article |
| 6 | Registry Run Keys | Abuse autostart registry keys to gain persistence and escalate privileges | Read Article |
| 7 | Startup Folder | Execute malicious programs via Windows startup folder | Read Article |
| 8 | Stored Credentials (Runas) | Abuse saved credentials with runas command | Read Article |
| 9 | Weak Registry Permissions | Exploit writable registry keys to escalate privileges | Read Article |
| 10 | Unquoted Service Path | Exploit improperly quoted service paths to execute malicious binaries | Read Article |
| 11 | Insecure GUI Application | Exploit GUI applications running with elevated privileges | Read Article |
| 12 | Weak Service Permissions | Abuse misconfigured Windows services for privilege escalation | Read Article |
| 13 | Scheduled Task / Job | Exploit scheduled tasks with weak permissions to execute payloads | Read Article |
| 14 | Kernel Exploit | Escalate privileges by exploiting vulnerable Windows kernel drivers | Read Article |
| 15 | SamAccountSpoofing (CVE-2021-42278) | Exploit Active Directory vulnerability to escalate privileges | Read Article |
| 16 | SpoolFool | Exploit Windows Print Spooler vulnerabilities for privilege escalation | Read Article |
| 17 | PrintNightmare | Exploit Print Spooler vulnerability to gain SYSTEM privileges | Read Article |
| 18 | Server Operator Group | Abuse Server Operators group privileges to escalate access | Read Article |
