Clankerusecase
MITRE ATT&CK detection coverage

T1548 Abuse Elevation Control Mechanism

T1548 — Abuse Elevation Control Mechanism is a MITRE ATT&CK technique in the Privilege Escalation tactic. Clankerusecase tracks 11 detection use cases covering it and 1 threat-intel article citing it.

Privilege Escalation
11 Use cases
1 Articles
6 Sub-techniques
1 Tactic

Sub-techniques (6)

Use cases covering this technique (11)

AWS IAM AdministratorAccess policy applied to a user · Internal install · alerting · DDCW
Azure AD member assigned Global Administrator role · Internal install · alerting · DD
Kubernetes pod created with privileged flag · Internal install · alerting · DD
Allow Operation with Consent Admin · ESCU actions · alerting · P
Linux Persistence and Privilege Escalation Risk Behavior · ESCU actions · alerting · P
Linux Telnet Authentication Bypass · ESCU actions · alerting · P
Services Escalate Exe · ESCU actions · alerting · P
Windows Privilege Escalation Suspicious Process Elevation · ESCU actions · alerting · P
Windows Privilege Escalation System Process Without System Parent · ESCU actions · alerting · P
Windows Privilege Escalation User Process Spawn System Process · ESCU actions · alerting · P
[LLM] PraisonAI Platform member role mutation endpoint hit (CVE-2026-47407 privilege escalation) · Bespoke actions · alerting · SΣPDDCW

Articles citing this technique (1)