3 - Attack Group Privileges

Default groups and built-in users that can be abused for privesc. Here is a list of all of them => https://ss64.com/nt/syntax-security_groups.html

The most common groups targeted for privesc are:

Backup Operators

Event Log Readers

DnsAdmins

Hyper-V Administrators

Print Operators

Server Operators

We look for an user that's a member of at least one of these groups.

whoami /groups
PreviousSeManageVolumeNextBackup Operators

Last updated