Cyber Security Academy · Lesson

Privilege Escalation and Domain Dominance

From foothold to Domain Admin.

From Foothold to Domain Admin

A foothold is rarely the goal. The objective in an AD engagement is usually to demonstrate a path to Domain Admin or, more precisely, control of Tier 0 (DCs and identity infrastructure).

Privilege escalation in AD chains local escalation, credential theft, and directory misconfigurations until you reach the crown jewels.

Local Privilege Escalation First

From a low-priv shell on a host, you usually need local SYSTEM to dump credentials. Common local escalation vectors:

  • Unquoted service paths and weak service permissions.
  • Writable service binaries or DLL hijacking.
  • AlwaysInstallElevated MSI policy.
  • Token impersonation (Potato family) abusing SeImpersonatePrivilege.

# Enumerate local escalation paths
winPEAS.exe

# SeImpersonate abuse
PrintSpoofer.exe -i -c cmd.exe
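As an added example that is not part of the lesson, the PowerShell below audits a single host for three of the conditions listed above (unquoted service paths, service binaries writable by broad groups, and the AlwaysInstallElevated policy) so they can be remediated before they are abused; the function names are my own, and only `.exe` service paths are parsed.

```powershell
# Added example (not from the lesson): audit a host for three local escalation conditions. Run elevated.

function Get-UnquotedServicePath {
    # Unquoted ImagePath with spaces: the service control manager tries
    # C:\Program.exe, C:\Program Files\Vendor.exe, ... before the real binary.
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $path = $svc.PathName
        if (-not $path -or $path.StartsWith('"')) { continue }      # empty or already quoted
        if ($path -notmatch '^(?<exe>.*?\.exe)') { continue }       # only .exe paths are parsed (assumption)
        $exe = $Matches.exe
        if ($exe -notmatch '\s') { continue }                       # no space, so no ambiguity
        [pscustomobject]@{
            Name = $svc.Name; RunsAs = $svc.StartName; PathName = $path
            # Remediation command, printed rather than executed.
            Fix  = 'sc.exe config {0} binPath= "\"{1}\"{2}"' -f $svc.Name, $exe, $path.Substring($exe.Length)
        }
    }
}

function Get-WritableServiceBinary {
    # Service binaries that low-privilege groups can modify. Only explicit
    # FileSystemRights bits are checked; generic-rights ACEs are not decoded.
    $broad = '^(Everyone|NT AUTHORITY\\(Authenticated Users|INTERACTIVE)|BUILTIN\\Users)$'
    $write = [int][System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, ChangePermissions, TakeOwnership'
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        if ($svc.PathName -notmatch '^"?(?<exe>[^"]*?\.exe)') { continue }
        $exe = $Matches.exe
        if (-not (Test-Path -LiteralPath $exe)) { continue }
        foreach ($ace in (Get-Acl -LiteralPath $exe -ErrorAction SilentlyContinue).Access) {
            if ($ace.AccessControlType -eq 'Allow' -and
                $ace.IdentityReference.Value -match $broad -and
                (([int]$ace.FileSystemRights -band $write) -ne 0)) {
                [pscustomobject]@{ Name = $svc.Name; Binary = $exe; Principal = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
            }
        }
    }
}

function Test-AlwaysInstallElevated {
    # The policy only takes effect when BOTH the machine and the user value are 1.
    $key = 'SOFTWARE\Policies\Microsoft\Windows\Installer'
    $m = (Get-ItemProperty -Path "HKLM:\$key" -Name AlwaysInstallElevated -ErrorAction SilentlyContinue).AlwaysInstallElevated
    $u = (Get-ItemProperty -Path "HKCU:\$key" -Name AlwaysInstallElevated -ErrorAction SilentlyContinue).AlwaysInstallElevated  # hive of the auditing account
    [pscustomobject]@{ MachineValue = $m; UserValue = $u; Effective = ($m -eq 1 -and $u -eq 1) }
}

Get-UnquotedServicePath   | Format-Table -AutoSize
Get-WritableServiceBinary | Format-Table -AutoSize
Test-AlwaysInstallElevated
```

The objects emitted by each function can be piped to Export-Csv to collect findings across a fleet.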
