Privilege Escalation

Privilege escalation is a cyberattack technique in which an attacker exploits a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. It is classified as vertical (gaining higher privileges) or horizontal (gaining access to peers at the same privilege level).

Impact

Privilege escalation is the bridge between initial access and total system compromise. It allows an attacker to move from a low-level web user to root/administrator, enabling them to steal data, install persistence mechanisms (backdoors), or destroy infrastructure.

Weinto take

We assume breach. Our defense against privilege escalation is "Defense in Depth" and rigid isolation. We run containers as non-root, use read-only filesystems, and enforce strict dropping of kernel capabilities. If a container is breached, the blast radius is contained.
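
The three controls above can be verified from inside a running container by reading `/proc`. The following check is an added example, not code from the original page; the function names and the sample values are constructed for illustration.

```python
import re

# Capability bit numbers from linux/capability.h (subset, for readable findings).
CAP_NAMES = {0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 6: "CAP_SETGID",
             7: "CAP_SETUID", 12: "CAP_NET_ADMIN", 13: "CAP_NET_RAW",
             16: "CAP_SYS_MODULE", 19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN"}

# Constructed sample: a root process with a partial capability set on a writable root.
SAMPLE_STATUS = ("Name:\tsh\nUid:\t0\t0\t0\t0\nCapPrm:\t00000000a80425fb\n"
                 "CapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n")
SAMPLE_MOUNTS = "overlay / overlay rw,relatime 0 0\nproc /proc proc rw,nosuid 0 0\n"


def decode_caps(mask_hex):
    """Turn a hex capability mask from /proc/<pid>/status into capability names."""
    mask = int(mask_hex, 16)
    return [CAP_NAMES.get(bit, f"cap_{bit}") for bit in range(64) if mask >> bit & 1]


def audit(status_text, mounts_text):
    """Return findings for the three controls: non-root, dropped caps, read-only root."""
    findings = []
    fields = dict(re.findall(r"^(\w+):[ \t]*(.+)$", status_text, re.M))
    # Uid holds real, effective, saved and filesystem UIDs; none may be 0.
    if "0" in fields["Uid"].split():
        findings.append("process holds a root UID")
    # CapBnd matters even for non-root: it limits what a setuid binary can regain.
    for name in ("CapEff", "CapPrm", "CapBnd"):
        caps = decode_caps(fields[name])
        if caps:
            findings.append(f"{name} not empty: {', '.join(caps)}")
    # Mount lines: device, mount point, fs type, options. The last "/" entry wins.
    root_opts = None
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[1] == "/":
            root_opts = parts[3].split(",")
    if root_opts is None or "ro" not in root_opts:
        findings.append("root filesystem is not mounted read-only")
    return findings


if __name__ == "__main__":
    with open("/proc/self/status") as s, open("/proc/self/mounts") as m:
        for finding in audit(s.read(), m.read()):
            print("FAIL:", finding)
```

An empty result means all three controls hold for the calling process; running it as a container start-up or CI smoke test catches images that silently regress to root or a writable root filesystem.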