diff --git a/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md b/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md index b386f0566..9f0245e1c 100644 --- a/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md +++ b/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md @@ -74,7 +74,7 @@ SeCreateTokenPrivilege is a powerful permission, especially useful when a user p ### SeLoadDriverPrivilege -Thi privilege allows to **load and unload device drivers** with the creation of a registry entry with specific values for `ImagePath` and `Type`. Since direct write access to `HKLM` (HKEY\_LOCAL\_MACHINE) is restricted, `HKCU` (HKEY\_CURRENT\_USER) must be utilized instead. However, to make `HKCU` recognizable to the kernel for driver configuration, a specific path must be followed. +This privilege allows to **load and unload device drivers** with the creation of a registry entry with specific values for `ImagePath` and `Type`. Since direct write access to `HKLM` (HKEY\_LOCAL\_MACHINE) is restricted, `HKCU` (HKEY\_CURRENT\_USER) must be utilized instead. However, to make `HKCU` recognizable to the kernel for driver configuration, a specific path must be followed. This path is `\Registry\User\\System\CurrentControlSet\Services\DriverName`, where `` is the Relative Identifier of the current user. Inside `HKCU`, this entire path must be created, and two values need to be set: