A Process is No One - Hunting for Token Manipulation

A Process is No One - Hunting for Token Manipulation

Black Hat via YouTube Direct link

GetSystem

36 of 43

36 of 43

GetSystem

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

A Process is No One - Hunting for Token Manipulation

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Introduction
  2. 2 What is Hunting
  3. 3 Normal Hunt Cycle
  4. 4 Hypothesis Driven Hunting
  5. 5 Benefits
  6. 6 HypothesisDriven Hunting
  7. 7 Hacker Lifecycle
  8. 8 Mitre Attack Framework
  9. 9 Tactics Techniques Procedures
  10. 10 Tactics
  11. 11 Procedures
  12. 12 Why is this useful
  13. 13 What is this process
  14. 14 Building the hunt hypothesis
  15. 15 Identifying the tactic
  16. 16 Identifying the procedures
  17. 17 Scope
  18. 18 Documentation
  19. 19 Conclusion
  20. 20 Benefit
  21. 21 Tactics and Techniques
  22. 22 Access Token Manipulation
  23. 23 Windows Authentication
  24. 24 Access tokens
  25. 25 Token types
  26. 26 General overview
  27. 27 Token impersonation
  28. 28 Visualization
  29. 29 Create a Process
  30. 30 Make an Impostor Token
  31. 31 Create a New logon session
  32. 32 Collection Requirements
  33. 33 Collecting Access Tokens
  34. 34 Get Access Token
  35. 35 Impersonation
  36. 36 GetSystem
  37. 37 Kerberos ticket granting ticket
  38. 38 Get Kerberos ticket granting ticket
  39. 39 Make token attack
  40. 40 Scope of analysis
  41. 41 Excluded factors
  42. 42 Demo
  43. 43 Questions

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.