Privilege Escalation Methods
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): Extensive list of commands to escalate privileges on Linux and Windows, including sudo exploitation, capability abuse, and service manipulation.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Provides patterns for downloading and executing remote payloads via PowerShell (iwr and iex), which is a common method for establishing persistence.
- [DATA_EXFILTRATION] (MEDIUM): Includes methods for harvesting credentials and extracting sensitive system files like the NTDS.dit database.
- [CREDENTIALS_UNSAFE] (MEDIUM): Specific instructions for dumping hashes and plaintext credentials using tools like Mimikatz, Responder, and Impacket.
Audit Metadata