Walks Enabled privileges
Usage
- SeDebugPrivilege enabled unexpectedly → Escalation likely.
- etc
Commands
# List process privileges (Vol2)
vol.py -f <mem> --profile=<profile> privs -p <PID>
# List process privileges (Vol3)
python3 vol.py -f <mem> windows.privileges --pid <PID>
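A triage helper for the SeDebugPrivilege check above, as an added example that is not part of the original page or of Volatility: it reads tab-separated `windows.privileges` output and reports watched privileges that are Enabled but not Default. The column layout, the sample rows, the `WATCHLIST` contents and the function name are assumptions constructed for illustration.

```python
import csv

# Assumption: privileges worth flagging; only SeDebugPrivilege is named on the page.
WATCHLIST = {"SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege"}

# Constructed sample (not real output) in the assumed tab-separated layout:
# PID, Process, Value, Privilege, Attributes, Description.
SAMPLE = "\n".join([
    "Volatility 3 Framework",
    "",
    "PID\tProcess\tValue\tPrivilege\tAttributes\tDescription",
    "4\tSystem\t20\tSeDebugPrivilege\tPresent,Enabled,Default\tDebug programs",
    "1337\tnotepad.exe\t20\tSeDebugPrivilege\tPresent,Enabled\tDebug programs",
    "1337\tnotepad.exe\t23\tSeChangeNotifyPrivilege\tPresent,Enabled,Default\t"
    "Receive notifications of changes to files or directories",
    "2044\texplorer.exe\t20\tSeDebugPrivilege\tPresent\tDebug programs",
    "2044\texplorer.exe\t19\tSeShutdownPrivilege\tPresent,Enabled\tShut down the system",
])


def explicitly_enabled(text, watchlist=WATCHLIST):
    """Return (pid, process, privilege) for watched privileges that are
    Enabled but not Default, i.e. switched on by the process itself."""
    lines = text.splitlines()
    # Skip the banner and any progress lines printed before the header row.
    start = next((i for i, l in enumerate(lines) if l.startswith("PID\t")), None)
    if start is None:
        raise ValueError("no 'PID' header row found")
    findings = []
    reader = csv.DictReader(lines[start:], delimiter="\t", quoting=csv.QUOTE_NONE)
    for row in reader:
        attrs = {a.strip() for a in (row.get("Attributes") or "").split(",")}
        if (row.get("Privilege") in watchlist
                and "Enabled" in attrs and "Default" not in attrs):
            findings.append((int(row["PID"]), row["Process"], row["Privilege"]))
    return findings


if __name__ == "__main__":
    for pid, proc, priv in explicitly_enabled(SAMPLE):
        print(f"PID {pid} ({proc}): {priv} enabled but not default")
```

A privilege that is only Present (explorer.exe here) or that is Enabled by Default (System here) is not reported, which keeps the output to processes that changed their own token.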