Every serious breach has a hinge. This is it.
Privilege escalation is the moment a foothold becomes a catastrophe. You land as a low-privilege user — maybe through a phishing lure, maybe a misconfigured web app — and then you start asking the question that separates technique-memorizers from practitioners: what permissions does this identity *actually* hold, and which of those can I chain together? That question drives everything here, from a setuid binary on a Linux box to a Kerberos ticket sitting in LSASS memory to an IAM role that's three hops from Domain Admin.
The subject spreads across three terrains — OS-level escalation on Linux and Windows, Active Directory credential attacks, and cloud and container environments — and they look disconnected at first. They aren't. The logic is the same in every terrain: find the gap between what a principal is supposed to do and what its actual permissions allow. Sometimes that gap is an unpatched CVE like Dirty Pipe. More often it's a sudoers file that someone configured years ago just to make things work, or a Windows service path nobody ever put quotes around, or an NTLM handshake that doesn't care whether you know the password — only that you have the hash. Nugget works through all three terrains with you, teaching detection concepts alongside each attack rather than saving them for the end.
This isn't a platform that hands you a command to run. It's one that keeps asking *why* that command works — what the kernel race condition actually looks like, why Pass-the-Hash is entirely indifferent to password complexity, what event ID tells a defender that a golden ticket just slid through. You build the reasoning. Life will administer its own evaluations.
Start exploring Privilege Escalation tonight — three topics free, no card.
Start a 30-day free trial