Lab Objective:

In the last lab, we assumed that you had obtained access to a user on the Domain Controller who held the SeBackupPrivilege.

For the first part of this lab, we’ll assume that we have control of a user who holds the SeDebugPrivilege and also has access to a Domain Client.

What is the SeDebugPrivilege?

Here’s what happens when you start a process or service on Windows:

The SeDebugPrivilege is one of the most dangerous privileges you can assign to a user.
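Because the privilege is this sensitive, it is worth checking who actually holds it. The following is an added example, not part of the original lab: it parses the `[Privilege Rights]` section of a `secedit /export` security template and reports SeDebugPrivilege holders other than the default BUILTIN\Administrators group. The sample template, the domain SID in it, and the function names are constructed for illustration.

```python
# Well-known SID of BUILTIN\Administrators, the default holder of SeDebugPrivilege.
EXPECTED_HOLDERS = {"*S-1-5-32-544"}

# Constructed sample of a `secedit /export /cfg out.inf` template.
# The S-1-5-21-... account SID is made up for illustration.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeShutdownPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""


def privilege_rights(inf_text):
    """Return {privilege name: [holders]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Privilege Rights" and "=" in line:
            name, _, value = line.partition("=")
            # Holders are comma-separated; SIDs carry a leading '*'.
            rights[name.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return rights


def unexpected_holders(inf_text, privilege="SeDebugPrivilege",
                       expected=EXPECTED_HOLDERS):
    """List holders of `privilege` that are not in the expected set."""
    holders = privilege_rights(inf_text).get(privilege, [])
    return [h for h in holders if h not in expected]


if __name__ == "__main__":
    # For a real export, read the file with open(path, encoding="utf-16"),
    # since secedit normally writes the template as UTF-16.
    for holder in unexpected_holders(SAMPLE_INF):
        print("SeDebugPrivilege assigned to non-default principal:", holder)
```

Any principal this reports should be reviewed and, unless there is a documented need, removed from the "Debug programs" user right.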

The LSASS.exe process and its essential presence on Windows.

The lsass.exe process, short for Local Security Authority Subsystem Service, is a crucial component of the Windows operating system responsible for enforcing security policies. Its primary functions include handling authentication, managing user logins and password changes, and creating access tokens. It verifies users logging into the computer or server, processes password changes, and writes to the Windows Security Log.

Key Points about lsass.exe:

Access Control: