Monday, March 30, 2020

Analyze what rights an application requires

1. Procmon.
2. Secpol.msc.
3. Standard User Analyzer: https://docs.microsoft.com/en-us/windows/win32/win7appqual/standard-user-analyzer--sua--tool-and-standard-user-analyzer-wizard--sua-wizard-
4. LUA Buglight (choco install luabuglight)

The main differences between a normal user and an admin are:
access to registry (procmon)
access to file system (procmon)
privileges (tokenmon for WinXP and Win2003)

Manual way of finding privileges: in Secpol.msc, add a test user to every line where Administrators are already present.
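The lines to look at in Secpol.msc can be listed from an exported policy. This is an added example, not from the original post: it parses the `[Privilege Rights]` section of a `secedit /export` file and returns the rights assigned to Administrators but to none of the standard-user groups. The sample data is constructed and the function names are this example's own.

```python
"""List the user rights that Administrators hold but ordinary users do not."""
import sys

ADMINS = "S-1-5-32-544"  # BUILTIN\Administrators
# Well-known SIDs that a standard user's token already carries:
# Everyone, Authenticated Users, BUILTIN\Users
STANDARD = {"S-1-1-0", "S-1-5-11", "S-1-5-32-545"}

# Constructed sample in the format written by:
#   secedit /export /cfg rights.inf /areas USER_RIGHTS
SAMPLE = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-32-545
SeDebugPrivilege = *S-1-5-32-544
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545
SeServiceLogonRight = testsvc
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_rights(text):
    """Return {right: set of principals} from the [Privilege Rights] section."""
    rights, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Privilege Rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs carry a leading '*'; unresolved account names do not
            members = {p.strip().lstrip("*") for p in value.split(",") if p.strip()}
            rights[name.strip()] = members
    return rights

def admin_only_rights(rights):
    """Rights granted to Administrators but to none of the standard-user SIDs."""
    return sorted(r for r, who in rights.items()
                  if ADMINS in who and not who & STANDARD)

if __name__ == "__main__":
    # secedit writes UTF-16; pass the exported file as the first argument
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE
    for right in admin_only_rights(parse_rights(text)):
        print(right)
```

Rights that do not appear in the export at all are assigned to nobody, so they will not show up in this list.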
