# Privilege Escalation

Some good questions to ask after gaining a foothold with a compromised user are:<br>

* Is the user part of any group? If so, does this group has any role assigned to it?
* Does the user have any Azure Entra ID roles assigned to them?
* Which objects has this user created?
* Is this user the owner of any service principal?