
Obtain process token privileges

Open rabbitstack opened this issue 2 years ago • 0 comments

Description

To get the list of privileges held by the process, we can use the GetTokenInformation API passing the TokenPrivileges token information class. After the list of available privileges is retrieved, they can be resolved to human-readable strings by using the LookupPrivilegeName API function. The privileges should be part of the process state and can be used in filters to determine what privileges the process has.

References

https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-lookupprivilegenamew

https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-gettokeninformation

rabbitstack, Nov 03 '23 13:11
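An added example, not fibratus code: decoding the `TOKEN_PRIVILEGES` buffer that `GetTokenInformation` fills for the `TokenPrivileges` class into a name-to-enabled map that a filter could query. The function name `ParseTokenPrivileges`, the `names` table (a static stand-in for `LookupPrivilegeName`) and the `sample` buffer are assumptions constructed so the code runs offline.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const sePrivilegeEnabled = 0x2 // SE_PRIVILEGE_ENABLED from winnt.h

// names is a static stand-in for LookupPrivilegeNameW, keyed by LUID.LowPart
// (values as defined in wdm.h; a real resolver would ask the system).
var names = map[uint32]string{
	10: "SeLoadDriverPrivilege",
	20: "SeDebugPrivilege",
	29: "SeImpersonatePrivilege",
}

// sample is a constructed TOKEN_PRIVILEGES buffer: PrivilegeCount = 3, then
// {LowPart, HighPart, Attributes} triples of 4 bytes each, little-endian.
var sample = []byte{3, 0, 0, 0,
	20, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, // SeDebugPrivilege, enabled
	10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // SeLoadDriverPrivilege, disabled
	29, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, // SeImpersonatePrivilege, enabled by default
}

// ParseTokenPrivileges maps each privilege name in buf to whether it is enabled.
func ParseTokenPrivileges(buf []byte) (map[string]bool, error) {
	if len(buf) < 4 {
		return nil, fmt.Errorf("buffer too short for PrivilegeCount: %d bytes", len(buf))
	}
	n := binary.LittleEndian.Uint32(buf)
	if uint64(n)*12 > uint64(len(buf)-4) { // count must not overrun the buffer
		return nil, fmt.Errorf("PrivilegeCount %d exceeds buffer", n)
	}
	privs := make(map[string]bool, n)
	for off := 4; off < 4+int(n)*12; off += 12 {
		low := binary.LittleEndian.Uint32(buf[off:])
		attrs := binary.LittleEndian.Uint32(buf[off+8:])
		name, ok := names[low]
		if !ok {
			name = fmt.Sprintf("LUID(%d)", low) // unresolved: keep the raw value
		}
		privs[name] = attrs&sePrivilegeEnabled != 0
	}
	return privs, nil
}

func main() {
	privs, err := ParseTokenPrivileges(sample)
	fmt.Println(privs, err)
}
```

A privilege that is present but disabled maps to `false`, so a filter can tell "held but not enabled" (key present) from "not held" (key absent).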