The ultimate goal of most hackers is to install ransomware, retrieve sensitive information (often to sell on the dark web), or take down the target organization’s critical infrastructure.
But here’s the challenge: Your average business user rarely has the privileges required to carry out these actions.
Even if the hacker has local admin rights, they still probably don’t have the access they need to successfully execute their plan.
While local admins can’t install network-wide ransomware, or disable mission-critical servers – there are a number of privileges they do have that hackers may be looking to take advantage of.
Generally, the goal at this stage is to aid a wider attack by accumulating extra privileges, performing reconnaissance, or covering their own tracks.
Here are the most important actions a hacker might take after accumulating local admin rights:
