Privilege Escalation: How Attackers Gain Unauthorised System Control

Privilege Escalation is the exploitation of a security flaw to access resources normally protected from a user or application. It can allow a low-privileged user to act as a system administrator — opening files, modifying accounts, or destroying Active Directory.

Two Types of Privilege Escalation

Type         Description                                                      Example
Horizontal   Access resources belonging to a peer with similar permissions    Viewing another user’s banking data
Vertical     Access resources belonging to a higher-privileged account        Regular user gaining root/admin access

Privilege Separation Architecture

A well-designed service splits into a privileged monitor and unprivileged slaves. The slave requests the monitor to perform privileged operations; the monitor validates each request before executing. This minimises the privileged code surface exposed to attack.

  • Pre-Authentication Phase: Unprivileged child has no process privileges or file system access.
  • Post-Authentication Phase: Child gets user-level privileges only; special operations still route through the privileged parent.
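The monitor/child split and its two phases, as an added example written for this page (it is not code from the article or from any real service). The parent process keeps its privileges and acts as the monitor; the forked child drops privileges and can only ask the monitor, over a pipe, to do work on its behalf. Every request is checked against the current phase and, for file reads, confined to the authenticated user's directory before the monitor acts. The user database, the "nobody" account, the scratch data directory and the request format are all assumptions of the example.

```python
import json
import os
import tempfile

# Constructed demo credentials and a scratch data directory with one
# subdirectory per user; both are assumptions of this example.
USERS = {"alice": "correct horse"}
DATA_ROOT = os.path.realpath(tempfile.mkdtemp(prefix="privsep_demo_"))

# What the unprivileged child may ask for in each phase: before
# authentication only credentials may be presented; afterwards only reads
# confined to the user's own directory, still performed by the monitor.
ALLOWED_OPS = {"pre_auth": {"authenticate"}, "post_auth": {"read_file"}}


def validate_request(state, request):
    """Monitor-side policy check. Returns (ok, reason) without acting."""
    op = request.get("op")
    phase = "post_auth" if state.get("user") else "pre_auth"
    if op not in ALLOWED_OPS[phase]:
        return False, f"op {op!r} not allowed in {phase}"
    if op == "read_file":
        # Canonicalise and confine: a '..' or absolute path from the child
        # must not resolve outside the authenticated user's directory.
        user_root = os.path.join(DATA_ROOT, state["user"])
        target = os.path.realpath(os.path.join(user_root, request.get("path", "")))
        if os.path.commonpath([user_root, target]) != user_root:
            return False, "path escapes user directory"
    return True, "ok"


def handle_request(state, request):
    """The monitor executes a request only after validate_request accepts it."""
    ok, reason = validate_request(state, request)
    if not ok:
        return {"error": reason}
    if request["op"] == "authenticate":
        if USERS.get(request.get("user")) == request.get("password"):
            state["user"] = request["user"]  # move to the post-auth phase
            return {"result": "authenticated"}
        return {"error": "bad credentials"}
    # read_file, already confined by validate_request
    path = os.path.join(DATA_ROOT, state["user"], request["path"])
    with open(path) as f:
        return {"result": f.read()}


def drop_privileges():
    """Child side: shed root if present (assumed 'nobody' account). No-op otherwise."""
    if os.geteuid() == 0:
        import pwd
        nobody = pwd.getpwnam("nobody")
        os.setgroups([])
        os.setgid(nobody.pw_gid)
        os.setuid(nobody.pw_uid)


def run_demo():
    """Fork a monitor/child pair; return the replies the monitor sent."""
    os.makedirs(os.path.join(DATA_ROOT, "alice"), exist_ok=True)
    with open(os.path.join(DATA_ROOT, "alice", "note.txt"), "w") as f:
        f.write("hello alice")
    req_r, req_w = os.pipe()   # child -> monitor
    rep_r, rep_w = os.pipe()   # monitor -> child
    if os.fork() == 0:         # ---- unprivileged child ----
        os.close(req_r); os.close(rep_w)
        drop_privileges()
        out, inp = os.fdopen(req_w, "w"), os.fdopen(rep_r)
        for req in [
            {"op": "read_file", "path": "note.txt"},                    # too early
            {"op": "authenticate", "user": "alice", "password": "correct horse"},
            {"op": "read_file", "path": "note.txt"},                    # allowed
            {"op": "read_file", "path": "../../etc/passwd"},            # confined
            {"op": "authenticate", "user": "alice", "password": "x"},   # wrong phase
        ]:
            out.write(json.dumps(req) + "\n"); out.flush()
            inp.readline()                                              # wait for reply
        out.close()
        os._exit(0)
    # ---- privileged monitor ----
    os.close(req_w); os.close(rep_r)
    state, replies = {}, []
    with os.fdopen(req_r) as inp, os.fdopen(rep_w, "w") as out:
        for line in inp:
            reply = handle_request(state, json.loads(line))
            replies.append(reply)
            out.write(json.dumps(reply) + "\n"); out.flush()
    os.wait()
    return replies
```

Run `run_demo()` to see the five replies: the first read is refused because the child is still in the pre-authentication phase, the read after authentication succeeds, the traversal attempt is refused by the path confinement, and a second authenticate is refused because that operation is no longer on the post-authentication allowlist. The child never touches the data directory itself; only the monitor does, and only after the check.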

Mitigation Guidance

  • Apply the Principle of Least Privilege throughout all service accounts and processes.
  • Remove unused services and applications from network devices.
  • Enforce strict password policies and disable unused accounts.
  • Tighten default access permissions — Windows “Everyone” group should not be the default.
  • Regularly audit log files and baseline system files for anomalies.
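One way to act on the last two points (tightened permissions and a baseline of system files), as an added example that is not part of the article: take a baseline of a directory tree, rescan it later, and report files that were added, removed or modified, flagging in particular any file that has acquired a setuid or setgid bit since the baseline. The directory tree and its files are constructed inside the example.

```python
import hashlib
import os
import stat
import tempfile

SETID_BITS = stat.S_ISUID | stat.S_ISGID


def scan_tree(root):
    """Map each regular file (path relative to root) to (permission bits, sha256)."""
    snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices etc. are not hashed
            with open(full, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            snapshot[os.path.relpath(full, root)] = (stat.S_IMODE(st.st_mode), digest)
    return snapshot


def compare(baseline, current):
    """Return findings: added, removed, modified (mode or content), new_setuid."""
    findings = {"added": [], "removed": [], "modified": [], "new_setuid": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            findings["added"].append(rel)
        elif rel not in current:
            findings["removed"].append(rel)
        elif baseline[rel] != current[rel]:
            findings["modified"].append(rel)
        if rel in current:
            # A setuid/setgid bit that was absent at baseline time is worth
            # a look regardless of whether the file itself is new.
            now_setid = current[rel][0] & SETID_BITS
            was_setid = baseline.get(rel, (0, None))[0] & SETID_BITS
            if now_setid and not was_setid:
                findings["new_setuid"].append(rel)
    return findings


def demo():
    """Build a constructed tree, baseline it, change it, and compare."""
    root = tempfile.mkdtemp(prefix="baseline_demo_")
    os.makedirs(os.path.join(root, "bin"))
    with open(os.path.join(root, "bin", "tool"), "w") as f:
        f.write("v1")
    with open(os.path.join(root, "config.ini"), "w") as f:
        f.write("debug=0")
    before = scan_tree(root)
    # Simulated drift: an edited config and a new setuid helper.
    with open(os.path.join(root, "config.ini"), "w") as f:
        f.write("debug=1")
    helper = os.path.join(root, "bin", "helper")
    with open(helper, "w") as f:
        f.write("x")
    os.chmod(helper, 0o4755)
    return compare(before, scan_tree(root))
```

Because the snapshot stores permission bits alongside the content hash, a `chmod` with unchanged content still shows up under `modified`; on a real system the baseline would be taken from a known-good state and stored somewhere the audited host cannot alter.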