ATT&CK v18 has been released! Check out the blog post or changelog for more information.

Detection of Exploitation for Privilege Escalation

Technique Detected: Exploitation for Privilege Escalation | T0890

ID: DET0738

Domains: ICS

Analytics: AN1871

Version: 1.0

Created: 21 October 2025

Last Modified: 21 October 2025

Version Permalink

Live Version

Analytics

AN1871

Detecting software exploitation may be difficult depending on the tools available. Software exploits may not always succeed or may cause the exploited process to become unstable or crash.

Log Sources

Data Component	Name	Channel
Application Log Content (DC0038)	Application Log	None