A penetration tester gains access to a target system through a vulnerability in a third-party...

According to the CEH attack methodology, once an attacker obtains initial access—whether through exploitation, misconfiguration, or credential compromise—the next critical phase is privilege escalation. Gaining system-level or administrative control is essential for maintaining persistence, accessing protected data, modifying system configurations, and pivoting further into the network. Privilege escalation exploits target kernel flaws, misconfigured services, improper permission settings, or vulnerable drivers. CEH emphasizes that performing a DoS attack disrupts the engagement and provides no strategic advantage. Similarly, CSRF targets web applications rather than operating systems, and brute-force password attempts are inefficient, noisy, and often ineffective once local access has already been established. By leveraging privilege escalation techniques, the tester converts limited user access into full system control, enabling comprehensive post-exploitation activities aligned with CEH system hacking procedures.