Commonly Abused Windows Token Privileges: SeAssignPrimaryTokenPrivilege

SeAssignPrimaryTokenPrivilege — Replace a process level token

Determines which parent processes can replace the access token that is associated with a child process.

Specifically, the “Replace a process level token” privilege determines which user accounts can call the CreateProcessAsUser() application programming interface (API) so that one service can start another. An example of a process that uses this user right is Task Scheduler, where the user right is extended to any processes that can be managed by Task Scheduler.

An access token is an object that describes the security context of a process or thread. The information in a token includes the identity and privileges of the user account that is associated with the process or thread. With this user right, every child process that runs on behalf of this user account would have its access token replaced with the process level token.

GPO Setting Path

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

GPO Setting Name

Replace a process level token

Token Privilege

SeAssignPrimaryTokenPrivilege

Associated ATT&CK Tactic(s)

Privilege Escalation (TA0004), Defense Evasion (TA0005)
