Domain overview
This domain covers the shift from initial code execution to deeper control. The emphasis is on local context, trust boundaries, permission mistakes and the practical abuse paths that turn footholds into stronger positions.
Related certification context
Privilege escalation is not its own certification lane here, but these OffSec tracks strongly support the host-level work in this domain.
- OffSec OSCP+ / PEN-200Foundational Linux and Windows escalation logic inside real attack chains.
- OffSec OSEP / PEN-300Deeper operator context for mature privilege paths, evasion and multi-stage internal work.
Curated public references
- GTFOBinsgtfobins.org/
- LOLBASlolbas-project.github.io/
- book.hacktricks.wiki · Linux Privilege Escalation Checklist.htmlbook.hacktricks.wiki/en/linux-hardening/linux-privilege-escalation-checklist.html
- book.hacktricks.wiki · Checklist Windows Privilege Escalation.htmlbook.hacktricks.wiki/en/windows-hardening/checklist-windows-privilege-escalation.html
- GitHub · carlospolop / PEASS-nggithub.com/carlospolop/PEASS-ng
Brief index
Introduction
Local attack paths that turn limited execution into stronger control over the target.
The Goal Of Privilege Escalation
Local attack paths that turn limited execution into stronger control over the target.
Linux Privilege Escalation
Local attack paths that turn limited execution into stronger control over the target.
Windows Privilege Escalation
Local attack paths that turn limited execution into stronger control over the target.
Macos Privilege Escalation
Local attack paths that turn limited execution into stronger control over the target.