
Using SDDL to change AV Permissions




Is anyone familiar with a technique that uses SDDL to change the permission of a service you wouldn't normally have access to stop?

Similar to here https://cqureacademy.com/blog/windows-internals/sddl

If I create a dummy service I can change the permissions but on processes like Defender and Kaspersky I get access denied even if I use psexec to escalate to nt authority... not sure if I'm doing something wrong or if it's just not possible? 

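As an added example (not part of the original post or the linked article), the following decodes the DACL of a service SDDL string, such as the output of `sc sdshow`, and lists the Allow ACEs that let a trustee other than SYSTEM or Administrators stop, reconfigure or re-ACL the service. The sample descriptor, the helper names and the trusted set are assumptions constructed for illustration.

```python
import re

# Service meaning of the two-letter SDDL rights codes (winsvc.h / winnt.h masks).
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
    "GA": "ALL_ACCESS",
}
# Rights that let a trustee stop, reconfigure, delete or re-ACL the service.
SENSITIVE = {"STOP", "CHANGE_CONFIG", "DELETE", "WRITE_DAC", "WRITE_OWNER", "ALL_ACCESS"}
# A few well-known SID aliases. "WD" is Everyone here but WRITE_DAC in the rights field.
SID_ALIASES = {"SY": "LocalSystem", "BA": "Administrators", "IU": "Interactive",
               "SU": "ServiceLogon", "AU": "AuthenticatedUsers", "WD": "Everyone"}

def parse_dacl(sddl):
    """Return [(ace_type, trustee, [rights])] for each ACE in the D: section."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not m:
        return []
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) != 6:
            continue  # conditional or malformed ACE: out of scope for this sketch
        ace_type, _flags, rights, _obj, _inherit_obj, sid = fields
        if rights.startswith("0x"):
            names = [rights]  # raw hex access mask, left undecoded
        else:
            names = [SERVICE_RIGHTS.get(code, code) for code in re.findall("..", rights)]
        aces.append((ace_type, SID_ALIASES.get(sid, sid), names))
    return aces

def risky_aces(sddl, trusted=("LocalSystem", "Administrators")):
    """Allow ACEs that give a trustee outside `trusted` a sensitive right."""
    return [(who, sorted(SENSITIVE & set(rights)))
            for ace_type, who, rights in parse_dacl(sddl)
            if ace_type == "A" and who not in trusted and SENSITIVE & set(rights)]

# Constructed sample: a typical service descriptor plus one constructed weak ACE for AU.
SAMPLE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
          "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RPWPWD;;;AU)"
          "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

if __name__ == "__main__":
    for ace in parse_dacl(SAMPLE):
        print(ace)
    print("findings:", risky_aces(SAMPLE))
```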
