privilege-escalation
Safeguard articles tagged "privilege-escalation" — guides, analysis, and best practices for software supply chain and application security.
43 articles
AWS IAM: common vulnerabilities and fixes
Rhino Security Labs catalogs 21+ IAM privilege-escalation paths to full admin — most start with one over-scoped policy nobody remembers writing.
Common AWS IAM privilege-escalation paths and how to design least privilege
Rhino Security Labs cataloged 21 distinct AWS IAM privilege-escalation methods in 2018 — most still work today, and most are invisible to a manifest scan.
A guide to AWS IAM permissions boundaries for delegated administration
AWS IAM lets any principal with iam:CreateRole and iam:AttachRolePolicy hand themselves admin — permissions boundaries are the one native control built to stop it.
CTF Writeup: Container SETUID Escape Techniques
A container-local root shell is not the flag. CVE-2019-5736 and CVE-2021-4034 both show how a SETUID binary inside a container can become a host compromise.
Confluence Broken Access Control Zero-Day (CVE-2023-22515) Explained
CVE-2023-22515 let unauthenticated attackers create rogue administrator accounts on Confluence Data Center and Server. Here's the broken-access-control flaw and how to fix it.
What Is Privilege Escalation? A 2026 Explainer
Privilege escalation is how a limited foothold becomes full control. This explainer covers vertical vs. horizontal paths across Linux, containers, and cloud IAM.
Dirty Pipe (CVE-2022-0847) Explained: Overwriting Read-Only Files in the Linux Kernel
CVE-2022-0847, Dirty Pipe, let unprivileged users overwrite data in read-only files through an uninitialized pipe flag — a clean path to root. Here is the page-cache mechanism behind it.
Baron Samedit (CVE-2021-3156) Explained: The Sudo Root Overflow
CVE-2021-3156, Baron Samedit, is a heap overflow in sudo that gives any local user root and hid in plain sight for nearly a decade. Here is the root cause, a one-line test, and the patched version.
Cisco IOS XE CVE-2023-20198 Explained: The Web UI Privilege Escalation Zero-Day
CVE-2023-20198 is an unauthenticated privilege escalation in the Cisco IOS XE Web UI, rated CVSS 10.0, that let attackers implant tens of thousands of devices in days. Here is how it worked and how to remediate.
Zerologon: The Netlogon Cryptographic Flaw (CVE-2020-1472) Explained
CVE-2020-1472 let an unauthenticated attacker seize a domain controller in seconds by exploiting an all-zero AES-CFB8 initialization vector. Here's the real mechanism and the fix.
PwnKit (CVE-2021-4034) Explained: Root From a 12-Year-Old Polkit Bug
CVE-2021-4034, aka PwnKit, is a memory-corruption flaw in polkit's pkexec that gives any local user reliable root on nearly every Linux distribution. Here is how it works and how to close it.
AWS IAM permissions boundaries best practices
How AWS IAM permissions boundaries cap delegated identities, differ from SCPs, and where teams get privilege escalation wrong.