> For the complete documentation index, see [llms.txt](https://www.ired.team/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.ired.team/offensive-security/privilege-escalation.md).

# Privilege Escalation

- [Primary Access Token Manipulation](https://www.ired.team/offensive-security/privilege-escalation/t1134-access-token-manipulation.md): Defense Evasion, Privilege Escalation by stealing an re-using security access tokens.
- [Windows NamedPipes 101 + Privilege Escalation](https://www.ired.team/offensive-security/privilege-escalation/windows-namedpipes-privilege-escalation.md)
- [DLL Hijacking](https://www.ired.team/offensive-security/privilege-escalation/t1038-dll-hijacking.md): DLL Search Order Hijacking for privilege escalation, code execution, etc.
- [WebShells](https://www.ired.team/offensive-security/privilege-escalation/t1108-redundant-access.md): Redundant Access - Webshells for evading defenses and persistence.
- [Image File Execution Options Injection](https://www.ired.team/offensive-security/privilege-escalation/t1183-image-file-execution-options-injection.md): Defense Evasion, Persistence, Privilege Escalation
- [Unquoted Service Paths](https://www.ired.team/offensive-security/privilege-escalation/unquoted-service-paths.md)
- [Pass The Hash: Privilege Escalation with Invoke-WMIExec](https://www.ired.team/offensive-security/privilege-escalation/pass-the-hash-privilege-escalation-with-invoke-wmiexec.md)
- [Environment Variable $Path Interception](https://www.ired.team/offensive-security/privilege-escalation/environment-variable-path-interception.md)
- [Weak Service Permissions](https://www.ired.team/offensive-security/privilege-escalation/weak-service-permissions.md)
