Privilege escalation is a type of attack and it's also a type of vulnerability. In a privilege escalation attack, it basically, you know, entails the process of taking some level of access, whether it's authorized or not, and then achieving an even greater level of access, subsequently elevating the user's privileges.

An example is whenever an attacker gains user mode access to a firewall, or server, or a switch, you know, or router, or any infrastructure device, and then uses a privilege escalation vulnerability to gain access to the system and elevate their privileges to, let's say, admin access, right? So in the case of a server, or a Linux server, they can elevate their privilege to root, or in the case of a router, or switch, or a firewall, they can elevate their privilege to a privilege 15 admin user, right? So that's how a privilege escalation attack actually works.

Now, you may ask, you know, what is actually a code execution attack? And that's whenever threat actors gain access to a system but then may be able to actually take several actions, right? So the type of action will depend on the level of access the attacker has or can achieve. And it's actually based on the permissions granted to that account compromised by that attacker.

Now, one of the most devastating actions available is whenever an attacker, you know, has the ability to execute code, and specifically to execute code remotely in a system. So once you actually have access to the device and can execute code, basically all bets are off from that point. So code execution could result in an adverse impact to the confidentiality, the integrity, or the availability of a system, or the whole network.