Your user account can run applications and read and write to a lot of locations on the disk.
So it can be used to run malware (cryptominers, ransomware, RATs etc.) Exfiltrate the data your account has access to, download or plant malicious or illegal data, use your internet connection to attack other systems with DOS or similar, use any logged in social media accounts to attack or spam your contacts, steal saved passwords and credentials from your web browsers, use your peripherals or connected devices (printers cameras microphone speakers), pivot to access other services on your local network (smart devices, IoT, TVs, home lab) etc.
There are comparatively few things an attacker wants on a desktop that actually require root access. It’s mostly just system files, package management and settings changes that require root to mess with. Eg. You would need root to dump a shadow file or stuff like luks encryption keys from kernel memory, but if an attacker has your logged in user account, the disk is already decrypted and account is already logged in.
Most systems also use single user, you normally give yourself docker group access (I use docker for work) and that alone is equivalent to root access. It’s not the 90s anymore where universities gave user access to all students, priv escalation was a big security threat, now it almost doesn’t mean anything, nobody shares the same machine anymore the way they used to do.
Your user account can run applications and read and write to a lot of locations on the disk.
So it can be used to run malware (cryptominers, ransomware, RATs etc.) Exfiltrate the data your account has access to, download or plant malicious or illegal data, use your internet connection to attack other systems with DOS or similar, use any logged in social media accounts to attack or spam your contacts, steal saved passwords and credentials from your web browsers, use your peripherals or connected devices (printers cameras microphone speakers), pivot to access other services on your local network (smart devices, IoT, TVs, home lab) etc.
There are comparatively few things an attacker wants on a desktop that actually require root access. It’s mostly just system files, package management and settings changes that require root to mess with. Eg. You would need root to dump a shadow file or stuff like luks encryption keys from kernel memory, but if an attacker has your logged in user account, the disk is already decrypted and account is already logged in.
Most systems also use single user, you normally give yourself docker group access (I use docker for work) and that alone is equivalent to root access. It’s not the 90s anymore where universities gave user access to all students, priv escalation was a big security threat, now it almost doesn’t mean anything, nobody shares the same machine anymore the way they used to do.