From the course: Complete Guide to Enterprise Cyber Defense
Understanding Windows attacks
- [Instructor] One of the most common Windows attacks is a Privilege Escalation Technique. This is a situation where an attacker has already gained access to the system, but they have limited access rights. So they need to escalate their privileges to become a more powerful user such as system. Let's take a look at an example. Here we have a Meterpreter shell running on WEB01 in the context of IIS POOL\SiteA user. This means there's an exploit running on WEB01, which we are in control of. We can interact with this by going -i interact with the session, shell, and we have full shell access to that server. But as we mentioned, we're running in the context of a limited IIS APPPOOL user, in this case, sitea. We do whoami /all. We can see we have limited permissions here, so the attacker needs to escalate the permissions to become a more dangerous user. By default, IIS APPPOOL application users have this…