Privilege Escalation with SharpUp from Pluralsight

After getting initial access to a machine, one of your main tasks is to escalate privileges to get admin access. In this course, you will learn privilege escalation using SharpUp.

In a red team engagement, after getting initial access to your machine, you need to escalate privileges to achieve admin-level permissions. In this course, Privilege Escalation with SharpUp, you'll learn how to utilize the SharpUp tool to enumerate potential privilege escalation vulnerabilities in a red team environment. First, you’ll explore the basics of privilege escalation in Windows and how to compile and run the SharpUp tool. Next, you'll see how to use SharpUp to map potential privilege escalation vulnerabilities in a server. Finally, you’ll learn how to escalate your privileges using two common techniques: Over-permissive auto-installers and over-permissive administrative logon scripts. When you’re finished with this course, you’ll have the skills and knowledge to execute these techniques Hijack Execution Flow (T1574) and Boot or Logon Autostart Execution (T1547) using SharpUp. More importantly, knowing how these techniques can be used against you will ultimately lend to your ability as an organization, or an individual, to detect and defend against specific attack vectors.

What's inside

Syllabus

Course Overview

Privilege Escalation with SharpUp

Resources

Good to know

Know what's good

, what to watch for

, and possible dealbreakers

Teaches techniques and strategies of the Red Team in an engaging manner

Develops skills in privilege escalation testing, a crucial skill for Red Teamers

Taught by experienced Ricardo Reimao, who is highly regarded in the field of cybersecurity

Utilizes the industry-recognized SharpUp tool, ensuring relevance to real-world scenarios

Provides hands-on experience through live demonstrations and exercises

Course materials are regularly updated to reflect the evolving landscape of cybersecurity

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Privilege Escalation with SharpUp with these activities:

Practice using SharpUp

Show steps

Run practice scenarios using SharpUp to familiarize yourself with its capabilities and potential vulnerabilities.

Browse courses on Privilege Escalation

Show steps

Download and install SharpUp
Run basic privilege escalation commands
Test potential vulnerabilities in a lab environment

Follow tutorials on SharpUp usage

Show steps

Enhance your understanding of SharpUp's features and techniques through guided tutorials from reputable sources.

Browse courses on Privilege Escalation

Show steps

Identify comprehensive tutorials on SharpUp
Follow the tutorials step-by-step, taking notes on key concepts
Practice implementing the techniques learned in the tutorials

Conduct regular practice exercises

Show steps

Engage in regular practice exercises to reinforce your understanding of SharpUp's capabilities and potential vulnerabilities.

Browse courses on Privilege Escalation

Show steps

Create a list of common privilege escalation scenarios
Use SharpUp to test and resolve these scenarios
Document your findings and lessons learned

Four other activities

Expand to see all activities and additional details

Show all seven activities

Participate in hands-on workshops

Show steps

Immerse yourself in practical training sessions to enhance your skills in utilizing SharpUp for privilege escalation and red team engagements.

Browse courses on Privilege Escalation

Show steps

Research and identify reputable workshops led by experienced practitioners
Register for the workshop and prepare for active participation
Fully engage in the hands-on exercises and discussions
Network with fellow participants and instructors

Develop a cheat sheet or reference guide on SharpUp

Show steps

Create a personalized resource that summarizes key SharpUp commands, techniques, and potential vulnerabilities for quick reference during your red team engagements.

Browse courses on Privilege Escalation

Show steps

Gather information and resources on SharpUp
Organize and synthesize the information into a cheat sheet or reference guide
Customize the resource to include your own notes and insights

Attend industry conferences and meetups

Show steps

Connect with professionals in the field to exchange knowledge, share experiences, and stay updated on the latest advancements in privilege escalation techniques.

Browse courses on Privilege Escalation

Show steps

Identify relevant conferences and meetups in your area or online
Prepare topics for discussion or questions to ask experts
Network with attendees, exchange contact information, and follow up

Develop a custom tool or script

Show steps

Enhance your learning experience by creating your own tool or script that automates or simplifies privilege escalation tasks, tailored to your specific needs and interests.

Browse courses on Privilege Escalation

Show steps

Identify a specific privilege escalation problem or need
Design and develop a tool or script that addresses the problem
Test and refine the tool or script to ensure its effectiveness
Document the tool or script, including its usage and limitations

Career center

Learners who complete Privilege Escalation with SharpUp will develop knowledge and skills that may be useful to these careers:

Security Engineer

Security Engineers develop and implement security solutions to protect an organization’s computer networks and systems. The skills you learn in this course can help you to enumerate potential privilege escalation vulnerabilities in a red team environment.

See salaries and explore the career path for Security Engineer

Information Security Analyst

Information Security Analysts plan and implement security measures to protect an organization’s computer networks and systems. As an Information Security Analyst, you can use the skills you learn in this course to help an organization detect and defend against specific attack vectors.

See salaries and explore the career path for Information Security Analyst

Penetration Tester

Penetration Testers assess the security of an organization’s computer networks and systems by simulating attacks. This course will help you build a foundation in privilege escalation, which is crucial for Penetration Testers.

See salaries and explore the career path for Penetration Tester

Cybersecurity Analyst

Cybersecurity Analysts analyze and interpret data to identify and mitigate cybersecurity threats. This course can help you understand how attackers use privilege escalation to gain access to systems and data.

See salaries and explore the career path for Cybersecurity Analyst

Network Security Engineer

Network Security Engineers design, implement, and maintain network security solutions. The skills you learn in this course will help you identify and mitigate network-based privilege escalation vulnerabilities.

See salaries and explore the career path for Network Security Engineer

Cybersecurity Consultant

Cybersecurity Consultants provide advice and guidance to organizations on how to improve their cybersecurity posture. This course will provide you with the knowledge and skills to help organizations address privilege escalation vulnerabilities.

See salaries and explore the career path for Cybersecurity Consultant

Security Architect

Security Architects design and implement security solutions for complex systems. This course will help you understand the principles of privilege escalation and how to design systems that are resistant to these attacks.

See salaries and explore the career path for Security Architect

Cyber Threat Intelligence Analyst

Cyber Threat Intelligence Analysts collect and analyze data to identify and assess cyber threats. This course will help you understand how attackers use privilege escalation to exploit systems and data.

See salaries and explore the career path for Cyber Threat Intelligence Analyst

Cloud Security Engineer

Cloud Security Engineers design and implement security solutions for cloud-based systems. This course will help you understand the unique challenges of privilege escalation in the cloud and how to mitigate these risks.

See salaries and explore the career path for Cloud Security Engineer

DevSecOps Engineer

DevSecOps Engineers integrate security into the software development process. This course will help you understand how to identify and mitigate privilege escalation vulnerabilities in software applications.

See salaries and explore the career path for DevSecOps Engineer

Security Researcher

Security Researchers identify and develop new techniques for detecting and mitigating cybersecurity threats. This course may help you develop new methods for detecting and preventing privilege escalation attacks.

See salaries and explore the career path for Security Researcher

Digital Forensics Analyst

Digital Forensics Analysts investigate and analyze digital evidence to identify and prosecute cybercriminals. This course may help you understand how attackers use privilege escalation to gain access to systems and data.

See salaries and explore the career path for Digital Forensics Analyst

Incident Responder

Incident Responders investigate and mitigate security incidents. This course will help you build a foundation in privilege escalation, which is a common technique used by attackers in security incidents.

See salaries and explore the career path for Incident Responder

Security Operations Center Analyst

Security Operations Center Analysts monitor and respond to security events. This course will help you understand how attackers use privilege escalation to gain access to systems and data.

See salaries and explore the career path for Security Operations Center Analyst

Threat Intelligence Analyst

Threat Intelligence Analysts collect and analyze data to identify and assess cyber threats. This course may help you develop new methods for detecting and preventing privilege escalation attacks.

See salaries and explore the career path for Threat Intelligence Analyst