Promoting a Secure and Resilient Internet: Abuse Elevation Control Mechanism
Authors/Creators
- 1. Cabinet Riding-Up, Programme PCP-ACEFA, Cameroun.
Description
Abstract: The Abuse Elevation Control Mechanism (AECM) is a critical cybersecurity concern, as it allows attackers to bypass security controls and gain unauthorized elevated privileges. This research explores attackers' primary methods to exploit compromised credentials, including account takeover, credential stuffing, and malware installation. It also highlights key techniques such as bypassing User Account Control (UAC) and exploiting setuid/setgid on Unix-like systems. The article discusses mitigation strategies, including audit and monitoring, privileged account management, and execution prevention. Finally, it provides insights into the future of AECM, emphasizing the increasing sophistication of attacks, emerging attack vectors, and stronger defensive mechanisms. This work aims to inform cybersecurity professionals about the risks of AECM and provide actionable strategies to mitigate these threats.
Files
D105414040325.pdf
Files
(439.0 kB)
| Name | Size | Download all |
|---|---|---|
|
md5:b886aa201cf101dc5d5931614b1c5bda
|
439.0 kB | Preview Download |
Additional details
Identifiers
- DOI
- 10.35940/ijies.D1054.12040425
- EISSN
- 2319-9598
Dates
- Accepted
-
2025-04-15Manuscript received on 22 January 2025 | First Revised Manuscript received on 21 February 2025 | Second Revised Manuscript received on 16 March 2025 | Manuscript Accepted on 15 April 2025 | Manuscript published on 30 April 2025.
References
- T. M. Corporation, «Abuse Elevation Control Mechanism,» 01 2020. [En ligne]. Available: https://attack.mitre.org/techniques/T1548/. [Accès le 08 2024]
- D. B. S. Z. Michael Tremante, «The state of application security in 2023,» 03 2023. [En ligne]. Available: https://blog.cloudflare.com/application-security-2023/. [Accès le 08 2024]
- «What is Compromised Credential?,» [En ligne]. Available: https://www.silverfort.com/glossary/compromised-credential/. [Accès le 08 2024]
- C. Crane, «Compromised Credentials: 7 Ways to Fight Credential Attacks,» 07 2023. [En ligne]. Available: https://www.thesslstore.com/blog/compromised-credentials-ways-tofight-credential-attacks/. [Accès le 08 2024]
- Kalra, Y., Upadhyay, S., & Patheja, Dr. P. S. (2020). Advancements in Cyber Attacks and Security. In International Journal of Innovative Technology and Exploring Engineering (Vol. 9, Issue 4, pp. 1520–1528). DOI: https://doi.org/10.35940/ijitee.d1678.029420
- M, D. D., S, B. K., & Lal, D. (2020). Major Hurdles of Cyber Security in 21st Century. In International Journal of Engineering and Advanced Technology (Vol. 9, Issue 3, pp. 1470–1476). DOI: https://doi.org/10.35940/ijeat.c5135.029320
- Lakshmi, N. N., P. Karthik, Sai, P. S., & Vishal, A. S. (2024). Implementation of DOS Attack Using NS2. In International Journal of Emerging Science and Engineering (Vol. 12, Issue 6, pp. 1–4). DOI: https://doi.org/10.35940/ijese.f9859.12060524
- Sasikumar, H. (2021). DDoS Attack Detection and Classification using Machine Learning Models with Real Time Dataset Created. In International Journal of Recent Technology and Engineering (IJRTE) (Vol. 9, Issue 5, pp. 145–153). DOI: https://doi.org/10.35940/ijrte.e5217.019521