Closed qjerome closed 2 years ago
https://blog.menasec.net/2022/04/auditing-protected-lsass-runasppl.html
RunAsPPL seems to apply only to LSASS, a more reliable approach would be to use Windows API -> try to use: https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-getprocessinformation
https://blog.menasec.net/2022/04/auditing-protected-lsass-runasppl.html
RunAsPPL seems to apply only to LSASS, a more reliable approach would be to use Windows API -> try to use: https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-getprocessinformation