✨
Tech Stuff
  • Welcome
  • Threat Hunting
    • Learning ETW
      • Logman
      • SilkETW
      • Apply ETW to Windows Event (1)
    • Learning win32evtlog in python
  • Attack Simulation
    • Atomic Red Team
  • Tools
    • Windows Events Providers Explorer
    • FRIDA for iOS app penetration testing
  • Windows Security
    • User Account Control (UAC)
      • UAC Bypass
  • Windows OS Penetration Testing
    • Metasploit
    • PowerShell
    • Bloodhound
  • Unorganized Python
  • Python - pexpect
  • Python - subprocess for Windows
  • Parsing evtx to json
  • Python - Pykd
  • Workflow
    • Kali Linux on Docker
Powered by GitBook
On this page
  • Basic Understanding
  • Reference

Was this helpful?

  1. Windows Security

User Account Control (UAC)

PreviousFRIDA for iOS app penetration testingNextUAC Bypass

Last updated 4 years ago

Was this helpful?

Basic Understanding

UAC relies on access token which conains the information about the level of access that the user is granted. There are two types of access token we need to know for UAC:

  1. Adminstrator access token

  2. Standard user access token

By default, all apps run as standard user access token. The UAC will be involved, only if the app is going to perform administrative task and the existing token does not have the required level of access.

Reference

Example of logon process, copied from docs.microsoft.com
LogoUser Account Control Group Policy and registry key settings (Windows) - Windows securitydocsmsft
LogoHow User Account Control works (Windows) - Windows securitydocsmsft
LogoUser Account Control security policy settings (Windows) - Windows securitydocsmsft