Privilege Escalation with SweetPotato from Pluralsight

Escalating local privileges is an essential step on a red team engagement, it allows you to fully own a target machine. In this course, you'll learn privilege escalation using SweetPotato.

After getting access to an account in a local machine, your job is to escalate your privileges to system-level so you can fully own the machine and gain access to sensitive data and in-memory passwords. In this course, Privilege Escalation with SweetPotato, you’ll cover how to utilize the SweetPotato tool to execute local privilege escalation attacks in a red team engagement. First, you'll explore how to leverage SweetPotato to escalate privileges using the Print Spooler service as a way to get system-level privileges. Next, you'll use the same tool to execute other known privilege escalation exploits. Finally, you'll use the system-level privileges obtained to dump all the in-memory passwords of the machine. When you’re finished with this course, you’ll have the skills and knowledge to execute Exploitation for Privilege Escalation (T1068) using SweetPotato. More importantly, knowing how these techniques can be used against you will ultimately lend to your ability as an organization, or an individual, to detect and defend against specific attack vectors.

What's inside

Syllabus

Course Overview

Privilege Escalation with SweetPotato

Resources

Good to know

Know what's good

, what to watch for

, and possible dealbreakers

Taught by Ricardo Reimao who are recognized for their work in red team engagements

Develops skills and knowledge which are core for red team engagements

Utilizes SweetPotato tool which is highly relevant to the topic of privilege escalation

Hands-on with interactive materials like labs for privilege escalation

Caveat: Assumes students have prior knowledge of red team engagements

Career center

Learners who complete Privilege Escalation with SweetPotato will develop knowledge and skills that may be useful to these careers:

Penetration Tester

Penetration Testers simulate attacks on an organization's systems and networks to identify and mitigate security risks. SweetPotato may help you get into this field by exposing you to the kind of techniques that malicious attackers might use. You can use this knowledge to help organizations to protect their data and computer systems from these or similar attacks in the future.

See salaries and explore the career path for Penetration Tester

Information Security Engineer

Information Security Engineers design, implement, and maintain security measures to protect an organization's data and computer systems from a variety of different threats. SweetPotato may help you get into this field by exposing you to the kind of techniques that malicious attackers might use. You can use this knowledge to protect data-driven organizations from these or similar attacks in the future.

See salaries and explore the career path for Information Security Engineer

Security Architect

Security Architects design, implement, and maintain security measures to protect an organization's data and computer systems from a variety of different threats including malicious attackers. SweetPotato may help you get into this field by exposing you to the kind of techniques that malicious attackers might use. You can use this knowledge to protect data-driven organizations from these or similar attacks in the future.

See salaries and explore the career path for Security Architect

Computer and Information Security Analyst

Computer and Information Security Analysts help organizations and businesses to protect their data and computer systems from malicious attacks. SweetPotato may help you get into this field by exposing you to the kind of techniques that malicious attackers might use. You can use this knowledge to protect data-driven organizations from these or similar attacks in the future.

See salaries and explore the career path for Computer and Information Security Analyst

Malware Analyst

Malware Analysts investigate malware attacks and help organizations to protect their systems from future attacks. SweetPotato may help you get into this field by exposing you to the kind of techniques that malicious attackers might use. You can use this knowledge to help organizations to protect their data and computer systems from these or similar attacks in the future.

See salaries and explore the career path for Malware Analyst

Security Researcher

Security Researchers identify and analyze new security vulnerabilities and threats. SweetPotato may help you get into this field by exposing you to the kind of techniques that malicious attackers might use. You can use this knowledge to help organizations to protect their data and computer systems from these or similar attacks in the future.

See salaries and explore the career path for Security Researcher

Security Consultant

Security Consultants help organizations to identify and mitigate security risks. SweetPotato may help you get into this field by exposing you to the kind of techniques that malicious attackers might use. You can use this knowledge to help organizations to protect their data and computer systems from these or similar attacks in the future.

See salaries and explore the career path for Security Consultant

Security Analyst

Security Analysts monitor and analyze an organization's security systems and data to identify and mitigate security risks. SweetPotato may help you get into this field by exposing you to the kind of techniques that malicious attackers might use. You can use this knowledge to help organizations to protect their data and computer systems from these or similar attacks in the future.

See salaries and explore the career path for Security Analyst

Forensic Computer Analyst

Forensic Computer Analysts investigate cyber crimes and help law enforcement organizations. SweetPotato may help you get into this field by exposing you to the kind of techniques that malicious attackers might use. You can use this knowledge to help law enforcement catch and prosecute these attackers, making the internet a safer place for everyone.

See salaries and explore the career path for Forensic Computer Analyst

Vulnerability Analyst

Vulnerability Analysts identify and assess vulnerabilities in an organization's systems and networks. SweetPotato may help you get into this field by exposing you to the kind of techniques that malicious attackers might use. You can use this knowledge to help organizations to protect their data and computer systems from these or similar attacks in the future.

See salaries and explore the career path for Vulnerability Analyst

Network Security Engineer

Network Security Engineers design, implement, and maintain security measures to protect an organization's network and data from a variety of different threats including malicious attackers. SweetPotato may help you get into this field by exposing you to the kind of techniques that malicious attackers might use. You can use this knowledge to protect data-driven organizations from these or similar attacks in the future.

See salaries and explore the career path for Network Security Engineer

Incident Responder

Incident Responders investigate and respond to security incidents. SweetPotato may help you get into this field by exposing you to the kind of techniques that malicious attackers might use. You can use this knowledge to help organizations to protect their data and computer systems from these or similar attacks in the future.

See salaries and explore the career path for Incident Responder

Systems Administrator

Systems Administrators maintain and troubleshoot computer systems and networks to ensure that they are running smoothly and securely. SweetPotato may help you get into this field by exposing you to the kind of techniques that malicious attackers might use. You can use this knowledge to protect data-driven organizations from these or similar attacks in the future.

See salaries and explore the career path for Systems Administrator

Chief Information Security Officer (CISO)

Chief Information Security Officers (CISOs) are responsible for developing and implementing an organization's security strategy. SweetPotato may help you get into this field by exposing you to the kind of techniques that malicious attackers might use. You can use this knowledge to protect data-driven organizations from these or similar attacks in the future.

See salaries and explore the career path for Chief Information Security Officer (CISO)

Data Analyst

Data Analysts work with big data and use both technical and analytical skills to uncover insights that can help organizations make better decisions, increase revenue, or streamline operations. SweetPotato may help you get into this field by exposing you to the kind of techniques that malicious attackers might use. You can use this knowledge to take steps to protect data-driven organizations from these or similar attacks in the future.

See salaries and explore the career path for Data Analyst

Reading list

We've selected six books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Privilege Escalation with SweetPotato.