Skip to main content

Permissions

IDDescriptionSignificance / Prevalence
BH12137Asks user to accept a potentially dangerous download.
BH12141Attempts to authorize against a security handler.
BH12162Changes settings that control whether websites can use features such as cookies, JavaScript, and plugins.
BH12358Grants full permission to everyone on files or directories.
BH12359Grants privileges to users on the local computer.
BH12418Marks a function as trusted.
BH12424Modifies file/directory permissions.
BH12458Obtains a reference to a security handler.
BH12470Raises the execution privilege of the current stack frame.
BH12484Removes all entries for the given user in the global object access auditing list.
BH12485Removes all entries from the global object access auditing list.
BH12500Requests permission required for a domain controller to use LDAP directory synchronization services.
BH12501Requests permission required to access Credential Manager as a trusted caller.
BH12502Requests permission required to allocate more memory for applications that run in the context of users.
BH12503Requests permission required to create a computer account.
BH12504Requests permission required to create a paging file.
BH12505Requests permission required to create a permanent object.
BH12506Requests permission required to create a symbolic link.
BH12507Requests permission required to enable volume management privileges.
BH12508Requests permission required to enumerate system information.
BH12509Requests permission required to generate audit-log entries.
BH12510Requests permission required to identify itself as a part of the trusted computer base.
BH12511Requests permission required to impersonate a client after authentication.
BH12512Requests permission required to increase the base priority of a process.
BH12513Requests permission required to increase the quota assigned to a process.
BH12514Requests permission required to load or unload a device driver.
BH12515Requests permission required to lock physical pages in memory.
BH12516Requests permission required to mark user and computer accounts as trusted for delegation.
BH12517Requests permission required to perform a number of security-related functions, such as controlling and viewing audit messages.
BH12518Requests permission required to perform backup operations.
BH12519Requests permission required to perform restore operations.
BH12520Requests permission required to read unsolicited input from a terminal device.
BH12521Requests permission required to receive notifications of changes to files or directories.
BH12522Requests permission required to shut down a system using a network request.
BH12523Requests permission required to shut down a system.
BH12524Requests permission required to take ownership of an object without being granted discretionary access.
BH12525Requests permission required to undock a laptop.
BH12526Requests permission to open other processes.
BH12539Returns the list of security policies currently available.
BH12541Revokes privileges from users on the local computer.
BH12671Tampers with local accounts or groups.
BH12706Tampers with PowerShell execution policy.
BH12722Tampers with security descriptor of a resource.
BH12759Tampers with user permissions.
BH12760Tampers with user/account privileges.
BH12822Logs out of a security handler.
BH13111Changes group ownership of a file or directory.
BH19131Enumerates certificates in digital signature.
BH19155Enumerates different directory handlers inside security handler.
BH19263Enumerates security handlers.
BH19278Enumerates signature properties.
BH19330Enumerates user/account privilege information.
BH20103Uses a Nishang command to add constrained delegation backdoor service accounts.
BH20149Uses a Nishang command to modify access-control lists to provide permissions required for the DCShadow technique.
BH20164Uses PowerSploit/Empire command to add a discretionary access-control (DACL) field to a service object returned by Get-Service.
BH20165Uses PowerSploit/Empire command to add a domain user or group to an existing domain group, assuming appropriate permissions to do so.
BH20166Uses PowerSploit/Empire command to add an ACL for a specific Active Directory object.
BH20180Uses PowerSploit/Empire command to create a new domain group (assuming appropriate permissions) and return the group object.
BH20188Uses PowerSploit/Empire command to enable a specific privilege for the current process.
BH20192Uses PowerSploit/Empire command to enumerate all services and return services for which the current user can modify the binPath.
BH20225Uses PowerSploit/Empire command to find machines on the local domain where the current user has local administrator access.
BH20278Uses PowerSploit/Empire command to return all privileges for the current or specified process ID.
BH20302Uses PowerSploit/Empire command to run commands as another user.
BH20317Uses PowerSploit/Empire command to test if the current user has administrative access to the local or a remote machine.
BH20318Uses PowerSploit/Empire command to test one or more passed services or service names against a given permission set.