Windows Privilege Escalation

🌐Community
by davila7 · vlatest · Repository

This skill simulates a Windows privilege escalation attack to understand vulnerabilities and improve security defenses.

Install on your platform

1. Run in terminal (recommended)

claude mcp add davila7-windows-privilege-escalation npx -- -y @trustedskills/davila7-windows-privilege-escalation

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "davila7-windows-privilege-escalation": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/davila7-windows-privilege-escalation"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

The Windows Privilege Escalation skill empowers AI agents to analyze local Windows environments for security vulnerabilities. It systematically identifies misconfigurations, unpatched services, and weak permissions that allow attackers to gain higher system access.

When to use it

  • Assessing the security posture of a compromised Windows workstation during a penetration test.
  • Identifying potential attack vectors in legacy systems running outdated service packs or drivers.
  • Auditing user account configurations for excessive privileges or disabled security features like User Account Control (UAC).
  • Validating the effectiveness of patch management policies by checking for known unpatched exploits.

Key capabilities

  • Scans local system files and registry keys for common privilege escalation vectors.
  • Checks service configurations for misconfigurations, such as missing binaries or weak permissions.
  • Analyzes user group memberships to detect accounts with unnecessary administrative rights.
  • Identifies running processes that could be exploited via known vulnerabilities.

Example prompts

  • "Scan this Windows system for local privilege escalation vulnerabilities and list the highest risk findings."
  • "Check if User Account Control is properly configured and identify any services running as SYSTEM unnecessarily."
  • "Analyze the current user's group memberships and suggest ways to reduce their attack surface."

Tips & gotchas

Ensure you have appropriate permissions or are operating in a controlled lab environment, as scanning may require elevated privileges. This skill focuses on local analysis and does not interact with remote systems or networks.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

  • Version: vlatest
  • License:
  • Author: davila7
  • Installs: 94

Passed automated security scans.