Process is No One Hunting for Token Manipulation

via YouTube

Overview

Explore a hypothesis-driven hunting approach for detecting access token manipulation in Windows authentication systems. Learn about the Pyramid of Pain, Tactics, Techniques, and Procedures (TTPs), and the hunt hypothesis process through a case study. Dive into Windows authentication concepts, including logon session types, token types, and token theft techniques. Discover how to identify collection requirements, collect data points and access tokens, and analyze benign impersonation scenarios. Gain practical insights through a demonstration and understand how to exclude factors and techniques to improve detection accuracy.

Syllabus

Intro
Game of Thrones
Jared Atkinson
Robby Winchester
Hypothesis-driven hunting
Pyramid of pain
Tactics, Techniques, Procedures
How does this apply
The hunt hypothesis process
Case Study Detecting Access Token Manipulation
First Step Tactics
Access Token Manipulation
Windows Authentication
logon session types
token types
token theft
how it works
create process with token
make impersonate token
set thread token
identify collection requirements
collect data points
collect access tokens
get access token
benign impersonation
impersonating system token
ticket granting token
identify scope
exclude factors
exclude techniques
demo
