Latest Writeups
Web enumeration leading to config disclosure, credential reuse for SSH access, and sudo misconfiguration for root escalation.
Exposed service RCE for initial foothold, credential harvesting for lateral movement, and SUID binary abuse for privilege escalation to root.
AD enumeration via BloodHound, Timeroasting for machine account compromise, Helpdesk delegation abuse for privilege escalation, and RBCD-based domain admin impersonation.
All Writeups
Web enumeration leading to config disclosure, credential reuse for SSH access, and sudo misconfiguration for root escalation.
Web file upload or injection for RCE, internal service enumeration for credential discovery, and kernel or service misconfiguration exploitation for root access.
Certificate trust misconfiguration for internal access, credential leakage for user compromise, and sudo abuse in certificate tooling for privilege escalation.
AD server in an assumed-breach scenario: GenericWrite path via BloodHound, Shadow Credentials for account takeover, and ESC9 on the CA for administrator privileges.
Source code exposure leading to injection-based RCE, process enumeration for privilege discovery, and SUID or service abuse for root escalation.
Command injection in conversion pipeline for RCE, PATH or binary hijacking for privilege escalation, and misconfigured execution context for root access.
Environment variable injection for code execution, container or service misconfiguration for breakout, and host-level privilege escalation to root.
Exposed service exploitation for initial foothold, internal credential discovery for lateral movement, and privileged service misconfiguration for root access.
Information disclosure for credential leakage, SSH access via reused credentials, and sudo or permission misconfiguration for privilege escalation.
SMB/share enumeration for sensitive file exposure, credential extraction for user access, and SUID binary abuse for root escalation.
Exposed service RCE for initial foothold, credential harvesting for lateral movement, and SUID binary abuse for privilege escalation to root.
Web enumeration for hidden endpoint discovery, RCE for initial shell, and local service or kernel exploitation for privilege escalation.
Authentication bypass for initial access, session manipulation for foothold, and cron job abuse for privilege escalation to root.
Weak credential access for initial foothold, credential reuse for system access, and SUID binary abuse for root escalation.
AD enumeration via BloodHound, Timeroasting for machine account compromise, Helpdesk delegation abuse for privilege escalation, and RBCD-based domain admin impersonation.
Command injection in custom service for RCE, credential discovery via configuration files, and sudo misconfiguration for root privileges.
AS-REP roasting for foothold, GenericWrite abuse to recover deleted objects from the AD Recycle Bin, and ESC15 + WriteOwner chain for root.
Web exploitation for initial access, privilege escalation via misconfigured sudo policies, and AD-style delegation or permission abuse for full compromise.