Detecting Access Token Manipulation

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Windows Security Courses, Frida Courses

Course Description

Overview

Explore the intricacies of Windows access token manipulation attacks in this 39-minute Black Hat conference talk. Delve into Windows security internals, including logon sessions, access tokens, UAC, and network authentication protocols like Kerberos and NTLM. Gain insights into how attackers exploit legitimate Windows functionality for lateral movement and domain compromise. Learn effective detection strategies to identify these attacks at scale across enterprises. Discover the inner workings of logon sessions, access tokens, network authentication, and impersonation techniques. Examine various token manipulation methods, including NETONLY, CreateProcessWithLogonW, Pass-The-Ticket, and Overpass-the-hash. Understand the Frida Basic Shocking template and its applications. Equip yourself with the knowledge to detect and mitigate access token manipulation attacks, bridging the gap between offensive tactics and defensive practices in Windows environments.

Syllabus

Intro
Objectives
Agenda
Logon Sessions and Access Tokens
Network Authentication
Impersonation
Initial Compromise
Token Manipulation: The Art of the Possible
NETONLY
CreateProcessWithLogonW
Pass-The-Ticket
Overpass-the-hash
Frida Basic Shocking template
Detecting Access Token Manipulation
Conclusion


Taught by

Black Hat
