YoVDO

Process is No One: Hunting for Token Manipulation

Offered By: YouTube

Tags

Conference Talks Courses, Cybersecurity Courses, Threat Hunting Courses

Course Description

Overview

Explore a hypothesis-driven hunting approach for detecting access token manipulation in Windows authentication systems. Learn about the Pyramid of Pain, Tactics, Techniques, and Procedures (TTPs), and the hunt hypothesis process through a case study. Dive into Windows authentication concepts, including logon session types, token types, and token theft techniques. Discover how to identify collection requirements, collect data points and access tokens, and analyze benign impersonation scenarios. Gain practical insights through a demonstration and understand how to exclude factors and techniques to improve detection accuracy.

Syllabus

Intro
Game of Thrones
Jared Atkinson
Robby Winchester
Hypothesis-driven hunting
Pyramid of pain
Tactics, Techniques, Procedures
How does this apply
The hunt hypothesis process
Case Study: Detecting Access Token Manipulation
First Step: Tactics
Access Token Manipulation
Windows Authentication
logon session types
token types
token theft
how it works
create process with token
make impersonate token
set thread token
identify collection requirements
collect data points
collect access tokens
get access token
benign impersonation
impersonating system token
ticket granting token
identify scope
exclude factors
exclude techniques
demo
