ATT&CK-CN V1.0 Last Update: 2019-03 [返回索引页]

译者: 林妙倩(清华大学网络研究院网络空间安全实习生) 原创翻译作品,如果需要转载请取得翻译作者同意。

数据来源:ATT&CK Matrices

原文: https://attack.mitre.org/tactics/TA0004/

术语表: /attack/glossary

Privilege Escalation

Privilege escalation is the result of actions that allows an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. Adversaries can enter a system with unprivileged access and must take advantage of a system weakness to obtain local administrator or SYSTEM/root level privileges. A user account with administrator-like access can also be used. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege.

特权提升(提权)

特权提升是允许攻击者在系统或网络上获得更高级别权限的结果。某些工具或操作需要更高级别的权限,并且在特定操作的许多场景很可能都是必需的。攻击者使用无特权访问权限访问系统后,必须利用系统缺陷来获取本地管理员或 SYSTEM / root 级别的权限。也可以是具有类似管理员访问权限的用户帐户。获取具有攻击者实现其目标所必需的访问特定系统或执行特定操作的权限的账户也可被视为特权提升。