What is whoami and why does it matter for security?

whoami returns the domain and username of the account the current process is running as. It seems simple, but in administration and pentesting it is essential to confirm the execution context before launching privileged commands.

CMD — Current user
whoami
Fully qualified domain name
whoami /fqdn

Audit token privileges with whoami /priv

The /priv parameter shows all privileges of the security token: which are enabled, disabled or removed. This is essential for detecting processes that run with excessive privileges.

View all token privileges
whoami /priv
View security groups
whoami /groups
Full info: user + groups + privileges
whoami /all

Key privileges to watch

| Privilege | Risk | Description |
|---|---|---|
| SeDebugPrivilege | High | Allows debugging any process, including LSASS |
| SeImpersonatePrivilege | High | Can be used for privilege escalation |
| SeBackupPrivilege | Medium | Allows reading any file bypassing ACLs |
| SeShutdownPrivilege | Low | Can shut down the system |
Cerewro Tip: Ask "What user and privileges is Cerewro running with?" and the AI runs whoami /all, analyzes the privileges and warns you if any high-risk privilege is enabled.
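
The check described above can also be scripted. The following is an added example, not code from this page or from Cerewro: it parses `whoami /priv /fo csv /nh` rows and reports the state of the privileges rated in the table. The function and variable names are hypothetical, the sample rows are constructed, and it assumes an English-language Windows where the state column reads Enabled or Disabled.

```powershell
# Added example: report the state of the privileges rated in the table above.
# Risk ratings are taken from this page; all names below are hypothetical.
$RiskByPrivilege = @{
    'SeDebugPrivilege'       = 'High'
    'SeImpersonatePrivilege' = 'High'
    'SeBackupPrivilege'      = 'Medium'
    'SeShutdownPrivilege'    = 'Low'
}
$RiskRank = @{ 'High' = 0; 'Medium' = 1; 'Low' = 2 }

function Get-RiskyPrivilege {
    param(
        # CSV rows as produced by `whoami /priv /fo csv /nh` (no header row).
        [Parameter(Mandatory)] [string[]] $CsvLine
    )
    $CsvLine |
        ConvertFrom-Csv -Header 'Name', 'Description', 'State' |
        Where-Object { $RiskByPrivilege.ContainsKey($_.Name) } |
        ForEach-Object {
            [pscustomobject]@{
                Privilege = $_.Name
                Risk      = $RiskByPrivilege[$_.Name]
                # Assumption: English-language output (Enabled / Disabled).
                Enabled   = ($_.State -eq 'Enabled')
            }
        } |
        Sort-Object { $RiskRank[$_.Risk] }, Privilege
}

# Constructed sample rows (not captured from a real host).
$sample = @(
    '"SeShutdownPrivilege","Shut down the system","Disabled"'
    '"SeDebugPrivilege","Debug programs","Enabled"'
    '"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"'
    '"SeImpersonatePrivilege","Impersonate a client after authentication","Enabled"'
)
$report = Get-RiskyPrivilege -CsvLine $sample
$report | Format-Table -AutoSize

# Warn only on high-risk privileges that are actually enabled in the token.
$report | Where-Object { $_.Enabled -and $_.Risk -eq 'High' } |
    ForEach-Object { Write-Warning "High-risk privilege enabled: $($_.Privilege)" }

# On a live host: Get-RiskyPrivilege -CsvLine (whoami /priv /fo csv /nh)
```

Privileges not listed in the table, such as SeChangeNotifyPrivilege in the sample, are ignored by this check.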