The Privilege Escalation Tradecraft Analysis module covers the analytical study of privilege escalation tradecraft on Windows, from its role in the attack lifecycle to how it can be detected and investigated. While completing this module, you will analyze real-world techniques and exploits to understand how they work internally and learn how to translate this knowledge into effective and reliable detection strategies.
Key learning outcomes:
  • Exploring where Windows privilege escalation fits within the attack lifecycle and how elevated access enables attacker objectives
  • Breaking down Windows privilege escalation tradecraft by examining abuse of UAC, access tokens, services, kernel drivers, and COM infrastructure
  • Recognizing and deconstructing real-world Windows privilege escalation techniques, including UAC bypasses, access token manipulation, and service account abuse
  • Leveraging reverse engineering, debugging, and API call flow analysis to reveal how privilege escalation exploits function under the hood
  • Connecting privilege escalation behavior to MITRE ATT&CK and converting technical insight into practical detection, investigation, and response strategies