Hello, and welcome to this course, in which we're talking about Python for privilege escalation. In this video, we're going to start discussing the privilege escalation tactic of the MITRE ATT&CK framework. The reason why we care about privilege escalation is that cybercriminals don't always immediately gain the access that they require to perform their attacks. If you think about it, most exploits are targeting user workstations or computers, like web servers, that are on the DMC, and firewalled at some level from the rest of the organization's network. While these systems provide an initial footprint or foothold on a target network, they don't provide the access that the attacker needs to achieve their goals, and in some cases, if the systems are implemented and secured correctly, the principle of least privilege is in play, meaning that the compromised accounts don't always have the level of privilege required for an attacker's goals. Additionally, a particular compromised account might not offer any opportunities for an attacker to move laterally through the network to achieve their final objectives. To address this issue, a attacker might use privilege escalation, which would allow them to gain the level of permissions, and access that they require. This might involve gaining access to higher-level accounts, or by attempting to expand their permissions and privileges associated with a compromised account under their control. The MITRE ATT&CK framework outlines a number of different techniques for performing privilege escalation: can abuse elevation control mechanisms, take advantage of access tokens, use boot or logon autostart execution or scripts, modify system processes, take advantage of event-triggered execution, perform additional exploitation to gain access to a more privileged account, mess with a network's group policies, hijack execution flow, perform process injection, use scheduled tasks or jobs, or exploit access to valid accounts on the system. Off this list of potential privilege escalation mechanisms, we're going to be focusing on two, where we're going to use Python for privilege escalation. The first of these is boot or logon autostart execution, of which we're going to use a particular sub-technique, and take advantage of logon scripts. The other technique we'll be taking advantage of is process injection, and more specifically, we'll discuss how Python library injection can be used for privilege escalation. In the next video, we'll start out with a discussion of this first technique, boot or logon autostart execution. Thank you.
