Privilege Escalation Risk Review
An assumed-breach test and broad network assessment exposed realistic paths to administrator access and turned complex findings into clear remediation priorities.

Industries
K-12 Education
Services
Vulnerability Assessment,
Penetration Testing
About the project
A public school system needed to understand whether everyday user access and uneven system maintenance could be chained into a larger compromise. With many users, devices, and network segments to protect, a weakness in one area could place administrative systems and sensitive information at risk.
The goal was to validate those risks, measure exposure across internal and external systems, and give the technology team a practical order for fixing the most important gaps.
What we did
- We combined credentialed vulnerability scanning with an assumed-breach penetration test. Starting from several ordinary user roles, we examined whether access controls, password practices, endpoint configuration, and missing updates could be linked into higher levels of access. Testing followed established NIST and OWASP guidance and focused on validating the most likely attack paths.
- Nessus Professional was used to assess a large internal and external footprint and sort findings by severity. The work identified widespread patching and configuration issues, including outdated Windows systems, weak cryptography, and devices that could not tolerate scan traffic. When a legacy device segment became unstable during scanning, that portion of testing was halted and the availability concern was documented.
- The assumed-breach work validated multiple routes from low-privilege access to administrator-level control. We mapped trust relationships, tested password strength, reviewed local administrator password permissions, and confirmed how unpatched endpoints and unencrypted drives could support privilege escalation. These demonstrations showed which control failures could be combined, rather than treating each weakness as an isolated issue.
- We delivered prioritized recommendations tied to each validated risk. The recommendations called for stronger password and lockout policies, tighter access to managed local passwords, current operating system patches, full-disk encryption, and follow-up on availability risks. The technology team received both an executive view of risk and technical detail needed to plan corrective work.
Technologies Used
Tenable IO

Microsoft Active Directory

Microsoft Windows
Blood Hound
Impacket
Hash Cat
Mimikatz
NIST
OWASP

