> For the complete documentation index, see [llms.txt](https://kwcsec.gitbook.io/the-red-team-handbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation.md).

# Privilege Escalation

- [Hunting For Passwords](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/hunting-for-passwords.md)
- [To System](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/to-system.md)
- [New Service](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/to-system/new-service.md)
- [Named Pipe Impersonation](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/to-system/named-pipe-impersonation.md)
- [Local Exploits](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/to-system/local-exploits.md)
- [AlwaysInstallElevated](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/to-system/alwaysinstallelevated.md)
- [Hijacking Execution](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/hijacking-execution.md)
- [Environment Variable interception](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/hijacking-execution/environment-variable-interception.md)
- [DLL Hijacking](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/hijacking-execution/dll-hijacking.md)
- [Insecure Permissions](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions.md)
- [Missing Services and Tasks](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions/missing-services-and-tasks.md)
- [Misconfigured Registry Hives](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions/misconfigured-registry-hives.md)
- [Insecure Binary Path](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions/insecure-binary-path.md)
- [Unquoted Service Paths](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions/unquoted-service-paths.md)
