Default groups and built-in users that can be abused for privesc. Here is a list of all of them => https://ss64.com/nt/syntax-security_groups.htmlarrow-up-right
The most common groups targeted for privesc are:
Backup Operatorsarrow-up-right
Event Log Readersarrow-up-right
DnsAdminsarrow-up-right
Hyper-V Administratorsarrow-up-right
Print Operatorsarrow-up-right
Server Operatorsarrow-up-right
We look for an user that's a member of at least one of these groups.
whoami /groups
Last updated 2 years ago