From the course: Threat Modeling: Denial of Service and Elevation of Privilege


What is elevation of privilege?


- [Instructor] Elevation of privilege attacks are all focused on one thing, gaining privileges. Going from anonymous internet user to able to run code, going from normal user to root, from normal user to cloud admin. By running code, I include both running a few instructions included in an exploit and an interactive shell, but it's the ability to make a computer do your bidding. Most of these attacks work by finding a way to have a parser treat the attacker's data as code. SQL injection, cross-site scripting, stack smashing, command injection, all work because parsing complex streams is hard. The attacks tend to target victims with privileges because, while taking candy from a baby is reputedly easy, babies don't tend to have very good candy. Code that takes untrusted input needs to do two things. It needs to treat it exceptionally carefully and it needs to attenuate its privileges following a careful plan.
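The two requirements named at the end of the transcript, shown as an added example that is not part of the course material: a role lookup where the SQL parser treats input as code, the same lookup with the input bound as data, and a connection that gives up write access before handling untrusted input. The table, user names, function names and the crafted input are all constructed for illustration; SQLite's `PRAGMA query_only` stands in for whatever privilege-reduction mechanism a real system would use.

```python
import sqlite3

def make_db():
    """Constructed sample data: one normal user, one admin."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "user"), ("root", "admin")])
    db.commit()
    return db

def roles_concat(db, name):
    # Weak: the input is spliced into the SQL text, so the SQL parser
    # decides where data ends and code begins.
    sql = "SELECT role FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def roles_bound(db, name):
    # Hardened: the statement is parsed first and the input is bound as a
    # value, so it can never become part of the query structure.
    sql = "SELECT role FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def attenuate(db):
    # Give up write access on this connection before touching untrusted input.
    db.execute("PRAGMA query_only = ON")

def can_write(db):
    # Probe whether this connection is still able to modify the table.
    try:
        db.execute("UPDATE users SET role = 'admin' WHERE name = 'alice'")
        db.rollback()  # undo the probe so the data stays unchanged
        return True
    except sqlite3.OperationalError:
        return False

# Constructed input: the quote ends the string literal early, and the rest
# is parsed as part of the WHERE clause by roles_concat().
CRAFTED = "nobody' OR role = 'admin"

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", roles_concat(db, CRAFTED))
    print("bound:       ", roles_bound(db, CRAFTED))
    print("write before attenuation:", can_write(db))
    attenuate(db)
    print("write after attenuation: ", can_write(db))
```

The bound query returns no rows because no user has that literal name, and after `attenuate()` even a flawed query on this connection cannot change anyone's role.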
