Last updated: April 29, 2026
Root escalation — getting from “regular user” to “root” or SYSTEM — is how most breaches turn catastrophic. A foothold becomes domain compromise via privilege escalation. This module covers the technique classes, the defences, and what a practitioner should be able to recognise on both the offensive and defensive sides.
The privesc landscape
Privilege escalation falls into five broad buckets:
- Kernel exploits — memory-corruption or logic bugs in the OS kernel grant root
- Misconfigurations — setuid binaries, writable sudoers, cron jobs running as root
- Weak credentials — reused passwords, passwords in memory, SSH key theft
- Service exploitation — privileged services with exploitable bugs (systemd, polkit, cron)
- Stored credentials — AWS keys on disk, tokens in environment variables, credentials in shell history
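
A defensive audit for the misconfiguration and stored-credential buckets above, added here as an example and not part of the original module: it flags setuid-root files, sudoers files, system cron files and credential files whose ownership or mode lets a non-root user modify or read them. The path prefixes, file names and the sample inventory are assumptions constructed for a typical Linux layout.

```python
import os
import stat

# Path prefixes and file names are assumptions for a typical Linux layout.
SUDOERS = ("/etc/sudoers",)
CRON = ("/etc/crontab", "/etc/cron.")
SECRET_NAMES = ("id_rsa", "id_ed25519", "credentials", ".bash_history")

def findings_for(path, mode, uid):
    """Return findings for one file from its stat mode and owner uid."""
    if not stat.S_ISREG(mode):
        return []
    out = []
    loose = mode & (stat.S_IWGRP | stat.S_IWOTH)  # group- or world-writable
    if mode & stat.S_ISUID and uid == 0 and loose:
        out.append("setuid-root file writable by group/other")
    if path.startswith(SUDOERS) and (loose or uid != 0):
        out.append("sudoers file not root-only")
    if path.startswith(CRON) and (loose or uid != 0):
        out.append("system cron file not root-only")
    if os.path.basename(path) in SECRET_NAMES and mode & 0o077:
        out.append("credential file accessible beyond its owner")
    return out

def audit(roots):
    """Walk directories and return {path: findings} for every flagged file."""
    report = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue  # vanished or unreadable; skip
                hits = findings_for(path, st.st_mode, st.st_uid)
                if hits:
                    report[path] = hits
    return report

# Constructed inventory of (path, mode, owner uid); not real system output.
SAMPLE = [
    ("/usr/local/bin/backup", 0o104775, 0),
    ("/usr/bin/passwd", 0o104755, 0),
    ("/etc/sudoers.d/deploy", 0o100664, 0),
    ("/etc/cron.d/rotate", 0o100644, 1000),
    ("/home/dev/.aws/credentials", 0o100644, 1000),
    ("/home/dev/.ssh/id_ed25519", 0o100600, 1000),
]
```

Run `audit(["/etc", "/usr", "/home"])` with enough privilege to stat the files; on the constructed sample only the correctly configured `passwd` binary and the `0600` SSH key come back clean.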