Commonly Abused Windows Token Privileges: SeDebugPrivilege

Picture of Henry Zhang Henry Zhang : Oct 4, 2021 7:45:00 AM

Endpoint Hardening Senteon Technical Cybersecurity Managed Endpoint Hardening System hardening

SeDebugPrivilege — Debug programs

Determines which users can attach to or open any process, even a process they do not own. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides access to sensitive and critical operating-system components.

GPO Setting Path

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

GPO Setting Name

Debug programs

Token Privilege

SeDebugPrivilege

Associated ATT&CK Tactic(s)

Persistence (TA0003), Privilege Escalation (TA0004), Defense Evasion (TA0005), Credential Access (TA0006)

Commonly Abused Windows Token Privileges: SeAssignPrimaryTokenPrivilege

Picture of Henry Zhang Henry Zhang : Oct 25, 2021 8:30:00 AM

SeAssignPrimaryTokenPrivilege — Replace a process level token Determines which parent processes can replace the access token that is associated with...

Endpoint Hardening Senteon Technical Cybersecurity Managed Endpoint Hardening System hardening
READ MORE

Commonly Abused Windows Token Privileges: SeCreateTokenPrivilege

Picture of Henry Zhang Henry Zhang : Sep 27, 2021 8:00:00 AM

SeCreateTokenPrivilege — Create a token object Determines which accounts a process can use to create a token, and which accounts it can then use to...

Endpoint Hardening Senteon Technical Cybersecurity Managed Endpoint Hardening System hardening
READ MORE

Commonly Abused Windows Token Privileges: SeTcbPrivilege

Picture of Henry Zhang Henry Zhang : Sep 26, 2021 8:45:00 AM

SeTcbPrivilege— Act as part of the operating system Determines whether a process can assume the identity of any user and thereby gain access to the...

Endpoint Hardening Technical Cybersecurity Managed Endpoint Hardening System hardening
READ MORE