Commonly Abused Windows Token Privileges: SeTcbPrivilege

SeTcbPrivilege — Act as part of the operating system

Determines whether a process can assume the identity of any user and thereby gain access to the resources that the user is authorized to access. Typically, only low-level authentication services require this user right. Potential access is not limited to what is associated with the user by default. The calling process may request that arbitrary additional privileges be added to the access token. The calling process may also build an access token that does not provide a primary identity for auditing in the system event logs.

GPO Setting Path

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

GPO Setting Name

Act as part of the operating system

Token Privilege

SeTcbPrivilege

Associated ATT&CK Tactic(s)

Privilege Escalation (TA0004)
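
To check who holds this right on a host, the User Rights Assignment setting above can be read from a security policy export. The following is an added example, not part of the original page: it assumes the INF text produced by `secedit /export`, the sample export is constructed, and the function names and the `approved` list are hypothetical.

```python
import configparser

# Constructed sample of a `secedit /export /cfg <file> /areas USER_RIGHTS`
# export (illustrative values, not real data).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6
SeTcbPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1105,svc_backup
[Version]
signature="$CHICAGO$"
Revision=1
"""

def principals_with_right(export_text, right="SeTcbPrivilege"):
    """Return the SIDs or account names assigned a user right in the export."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key names exactly as exported
    parser.read_string(export_text)
    if not parser.has_section("Privilege Rights"):
        return []
    for name, value in parser.items("Privilege Rights"):
        if name.lower() == right.lower():
            # SIDs are exported with a leading '*'; account names are bare.
            return [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return []  # right not listed: no principal is explicitly assigned

def audit_tcb(export_text, approved=frozenset()):
    """Return SeTcbPrivilege holders that are not on the approved list.

    `approved` is an assumption of this example: principals your own
    policy allows to hold the right (empty by default).
    """
    allowed = {a.lower() for a in approved}
    return [p for p in principals_with_right(export_text)
            if p.lower() not in allowed]

if __name__ == "__main__":
    for principal in audit_tcb(SAMPLE_EXPORT):
        print("Review SeTcbPrivilege assignment:", principal)
```

Real exports are usually UTF-16 encoded, so decode the file with `encoding="utf-16"` before passing its text to these functions.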
