Checklist - Windows Priv Esc

Best tool to look for Windows local privilege escalation vectors: WinPEAS



  • Can you write in any folder inside PATH?
  • Is there any known service binary that tries to load any non-existant DLL?
  • Can you write in any binaries folder?


  • Enumerate the network(shares, interfaces, routes, neighbours...)
  • Take a special look to network services listing on local (
  • Have you access to any handler of a process run by administrator?
  • Check if you can abuse it

And more...