Commonly Abused Windows Token Privileges: SeRestorePrivilege
SeRestorePrivilege — Restore files and directories Determines which users can bypass file, directory, registry, and other persistent object...
Henry Zhang: Nov 8, 2021 9:30:00 AM
SeTakeOwnershipPrivilege (Take ownership of files or other objects) determines which users can take ownership of any securable object in the device, including Active Directory objects, NTFS files and folders, printers, registry keys, services, processes, and threads.
Every object has an owner, whether the object resides in an NTFS volume or Active Directory database. The owner controls how permissions are set on the object and to whom permissions are granted.
By default, the owner is the person or process that created the object. Owners can always change permissions on objects, even when they are denied all access to the object.
Group Policy path: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
Policy setting: Take ownership of files or other objects
Constant name: SeTakeOwnershipPrivilege
ATT&CK tactics: Privilege Escalation (TA0004), Defense Evasion (TA0005), Collection (TA0009), Impact (TA0040)
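Because an owner can rewrite an object's permissions even when denied all access, it is worth auditing which principals hold this user right. The script below is an added example, not part of the original post: it exports the User Rights Assignment settings with secedit and flags every holder of SeTakeOwnershipPrivilege outside an approved list. The approved list (only BUILTIN\Administrators, S-1-5-32-544) and the temporary file name are assumptions; adjust them to your baseline.

```powershell
# Added example: list principals holding SeTakeOwnershipPrivilege and flag unexpected ones.
# Run from an elevated prompt; secedit needs administrative rights to export policy.
$privilege = 'SeTakeOwnershipPrivilege'
$expected  = @('S-1-5-32-544')   # assumption: only BUILTIN\Administrators is approved

$cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
try {
    secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }

    # [Privilege Rights] line format: SeTakeOwnershipPrivilege = *S-1-5-32-544,*S-1-5-21-...,name
    $line = Get-Content -LiteralPath $cfg |
        Where-Object { $_ -match "^\s*$privilege\s*=" } |
        Select-Object -First 1
    $entries = @()
    if ($line) {
        $entries = ($line -split '=', 2)[1] -split ',' |
            ForEach-Object { $_.Trim() } | Where-Object { $_ }
    }

    $report = foreach ($entry in $entries) {
        if ($entry.StartsWith('*')) {
            $sid = $entry.TrimStart('*')
            try   { $name = ([System.Security.Principal.SecurityIdentifier]$sid).Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = '<unresolved SID>' }   # deleted account or unreachable domain
        } else {
            # secedit writes some accounts by name rather than by SID
            $name = $entry
            try   { $sid = ([System.Security.Principal.NTAccount]$entry).Translate([System.Security.Principal.SecurityIdentifier]).Value }
            catch { $sid = '<unresolved name>' }
        }
        [pscustomobject]@{
            Privilege  = $privilege
            Sid        = $sid
            Account    = $name
            Unexpected = $expected -notcontains $sid
        }
    }
    $report | Format-Table -AutoSize
    if (-not $entries) { Write-Output "$privilege is not assigned to any principal." }
}
finally {
    Remove-Item -LiteralPath $cfg -ErrorAction SilentlyContinue
}
```

Rows with Unexpected set to True, and entries whose SID no longer resolves, are the ones to review against the User Rights Assignment policy above.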