Obtain process token privileges #207
Labels
good first issue
needs: docs
Indicates that the issue needs documentation updates
needs: filters
Indicates that new filters should be added
scope: filters
Anything related to filters
scope: process
Anything related to process state
Comments
rabbitstack
added
needs: docs
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
To get the list of privileges held by the process, we can use the
GetTokenInformationAPI passing theTokenPrivilegestoken information class. After the list of available privileges is retrieved, they can be resolved to human-readable strings by using theLookupPrivilegeNameAPI function.The privileges should be part of the process state and can be used in filters to determine what privileges the process has.
References
https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-lookupprivilegenamew
https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-gettokeninformation
The text was updated successfully, but these errors were encountered: