Process is No One Hunting for Token Manipulation

Offered By: YouTube

Course Description

Overview

Explore a hypothesis-driven hunting approach for detecting access token manipulation in Windows authentication systems. Learn about the Pyramid of Pain, Tactics, Techniques, and Procedures (TTPs), and the hunt hypothesis process through a case study. Dive into Windows authentication concepts, including logon session types, token types, and token theft techniques. Discover how to identify collection requirements, collect data points and access tokens, and analyze benign impersonation scenarios. Gain practical insights through a demonstration and understand how to exclude factors and techniques to improve detection accuracy.

Syllabus

Intro
Game of Thrones
Jared Atkinson
Robby Winchester
Hypothesis-driven hunting
Pyramid of Pain
Tactics, Techniques, Procedures
How does this apply
The hunt hypothesis process
Case Study: Detecting Access Token Manipulation
First Step: Tactics
Access Token Manipulation
Windows Authentication
Logon session types
Token types
Token theft
How it works
Create process with token
Make impersonate token
Set thread token
Identify collection requirements
Collect data points
Collect access tokens
Get access token
Benign impersonation
Impersonating system token
Ticket granting token
Identify scope
Exclude factors
Exclude techniques
Demo