Discover the definition of the term Elevation Of Privileges presented by Les Assises de la Cybersécurité.

ELEVATION OF PRIVILEGES

During a computer attack, when the attacker manages to execute code on the targeted machine, it is often with the same rights as the resource through which it was able to execute its code. If, for example, a user has clicked on a link or opened a booby-trapped attachment, then the malicious program will have the same rights as that user. If it is another process (a web server, for example), then the malicious code will be limited to the rights of that process. However, these rights are not always sufficient to achieve the attacker's objective (which is what the defenders are looking for!). An elevation of privilege therefore enables the hacker to "gain" higher rights by exploiting a new local vulnerability in order to continue his attack.

A hacker who loves social justice will refuse to elevate his privileges as a matter of principle. But he won't go as far...

X
Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.
Confirm