Privilege Escalation with SweetPotato

by Ricardo Reimao

Escalating local privileges is an essential step in a red team engagement, as it allows you to fully own a target machine. In this course, you'll learn privilege escalation using SweetPotato.

What you'll learn

After getting access to an account on a local machine, your job is to escalate your privileges to system-level so you can fully own the machine and gain access to sensitive data and in-memory passwords. In this course, Privilege Escalation with SweetPotato, you'll cover how to utilize the SweetPotato tool to execute local privilege escalation attacks in a red team engagement. First, you'll explore how to leverage SweetPotato to escalate privileges using the Print Spooler service as a way to get system-level privileges. Next, you'll use the same tool to execute other known privilege escalation exploits. Finally, you'll use the system-level privileges obtained to dump all the in-memory passwords of the machine. When you're finished with this course, you'll have the skills and knowledge to execute Exploitation for Privilege Escalation (T1068) using SweetPotato. More importantly, knowing how these techniques can be used against you will ultimately improve your ability, as an organization or an individual, to detect and defend against specific attack vectors.

About the author

Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 14+ years of IT experience, 10 of them in the IT Security field. His main interests are: SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures and Network Security.
