SeBackupPrivilege

A practical, ordered checklist for Windows local privilege escalation during labs, CTFs, and authorised internal testing.

Active Directory machine demonstrating anonymous LDAP enumeration, password reset abuse, SeRestorePrivilege execution, and manual NTDS extraction.

Active Directory machine demonstrating exposed SMB data, credential reuse, and Backup Operators abuse to dump domain hashes.

Active Directory machine demonstrating LDAP credential capture through a printer admin panel, WinRM access, and Server Operators abuse leading to DCSync.

Active Directory machine demonstrating AS-REP Roasting, BloodHound-driven lateral movement, LSASS credential extraction, and Backup Operators abuse.