← Back to ATT&CK index
T1548.002sub-technique
Bypass User Account Control
View on attack.mitre.org →4 syscalls implement this technique
- NtOpenProcessTokenEx
Opens the access token of a process and lets the caller specify handle attributes such as OBJ_INHERIT.
- NtQueryInformationToken
Retrieves a specified class of information about an access token.
- NtSetInformationToken
Writes a property on an access token — integrity level, session id, owner, default DACL, audit policy, linked token.
- NtDuplicateToken
Creates a new access token that duplicates an existing token, optionally changing its type and impersonation level.