Threat Hunting Workshop 17: Hunting for Privilege Escalation – Level 2

This Level 2 threat hunting workshop focuses on identifying and investigating privilege escalation techniques that attackers use to expand control inside an environment. The session centers on real world telemetry, showing how escalation activity blends into normal administrative behavior and why it is difficult to detect at scale.

Participants will work through realistic datasets to analyze process behavior, permission changes, authentication artifacts, and system modifications that indicate privilege abuse. The workshop emphasizes intelligence driven investigation, using threat intelligence to guide hypotheses and validate findings rather than relying on isolated alerts. Designed for defenders with some hunting experience, this hands on session builds confidence in tracing escalation paths and applying consistent investigative methods in production environments.