Obtain process token privileges #207

@rabbitstack

Description

To get the list of privileges held by the process, we can use the GetTokenInformation API passing the TokenPrivileges token information class. After the list of available privileges is retrieved, they can be resolved to human-readable strings by using the LookupPrivilegeName API function.
The privileges should be part of the process state and can be used in filters to determine what privileges the process has.

References

https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-lookupprivilegenamew
https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-gettokeninformation
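The buffer that GetTokenInformation fills for TokenPrivileges is a TOKEN_PRIVILEGES structure: a count followed by LUID_AND_ATTRIBUTES entries. The sketch below is an added example, not code from the issue or from the project. It decodes such a buffer into a name-to-enabled map that a filter could test. The `resolve` callback is a hypothetical stand-in for LookupPrivilegeName, and the sample buffer and its LUID-to-name pairs are constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const sePrivilegeEnabled = 0x2 // SE_PRIVILEGE_ENABLED attribute bit (winnt.h)

// parseTokenPrivileges decodes a TOKEN_PRIVILEGES buffer: a little-endian DWORD
// PrivilegeCount, then 12-byte entries (LUID low, LUID high, attributes).
// It returns privilege name -> enabled. resolve is a hypothetical stand-in
// for LookupPrivilegeName (assumption, not the project's API).
func parseTokenPrivileges(buf []byte, resolve func(luid uint64) string) (map[string]bool, error) {
	if len(buf) < 4 {
		return nil, fmt.Errorf("buffer too short: %d bytes", len(buf))
	}
	le := binary.LittleEndian
	count := uint64(le.Uint32(buf))
	if count*12 > uint64(len(buf)-4) { // trust the buffer length, not the count
		return nil, fmt.Errorf("count %d does not fit in %d bytes", count, len(buf))
	}
	privs := make(map[string]bool)
	for off := uint64(4); off < 4+count*12; off += 12 {
		luid := uint64(le.Uint32(buf[off:])) | uint64(le.Uint32(buf[off+4:]))<<32
		privs[resolve(luid)] = le.Uint32(buf[off+8:])&sePrivilegeEnabled != 0
	}
	return privs, nil
}

// sampleToken returns a constructed buffer and resolver (sample data only):
// two entries, LUID 19 with no attributes and LUID 20 with the enabled bit.
func sampleToken() ([]byte, func(uint64) string) {
	names := map[uint64]string{19: "SeShutdownPrivilege", 20: "SeDebugPrivilege"}
	buf := []byte{2, 0, 0, 0,
		19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
		20, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0}
	return buf, func(l uint64) string { return names[l] }
}

func main() {
	buf, resolve := sampleToken()
	privs, err := parseTokenPrivileges(buf, resolve)
	// A filter predicate then reduces to a map lookup on the process state.
	fmt.Println(privs, err, privs["SeDebugPrivilege"])
}
```

A privilege that is present in the token but not enabled maps to `false`, so a filter can distinguish "held" (key exists) from "enabled" (value is true).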

Labels

good first issue
needs: docs (Indicates that the issue needs documentation updates)
needs: filters (Indicates that new filters should be added)
scope: filters (Anything related to filters)
scope: process (Anything related to process state)