Access Token Manipulation

Prerequisites:

Welcome to this module on Access Token Manipulation. As an integral part of the Windows operating system, access tokens are used to control user and application access to system resources. Access token manipulation techniques allow attackers to elevate privileges, perform reconnaissance, and move laterally within the network. Understanding these techniques is crucial for effective threat hunting, detection engineering, and incident response.

In this module, we will explore the fundamentals of investigating access token manipulation. We will then delve into various access token manipulation concepts and techniques, including:

Access token types
Impersonation and delegation
Token theft
Process creation with token
Parent process ID spoofing

The events in your SIEM can be found in the following timespan: 12 Apr 2023 - 13 Apr 2023.

Analyst

$17.49

/mo

14 Days Free

Explore realistic pre-recorded attacks

Master full-featured defensive platforms

Browser-based challenges and modules

Extended attack videos

Grants access to Analyst content. You can cancel any time by returning to this page and following the cancellation steps.

Defender

$44.49

/mo

Instant fully interactive labs

Hands-on prevention and detection

Master offensive techniques

Security engineering exercises

Highly realistic and dynamic scenarios

Access to all Analyst-level content

Grants access to all Defender content, Analyst content and interactive lab environments. You can cancel any time by returning to this page and following the cancellation steps.