tokens theory | PointerSec

Autoplay
Autocomplete

Previous Lesson Complete and Continue

Windows Access Tokens for Red Teamers

Theory

tokens theory (21:17)

Token Enumeration

Enumerating Username, Domainname and SID from token (36:22)
Enumerating Groups and their SIDs from token (19:39)
Enumerating Privileges from the token (16:42)
Enumerating token's owner, type (13:05)
Enumerating token id, authid, token type, impersonation level (5:30)
Enumerating logonsessions and logonsessiondata (3:51)
Enumerating token integrity level (3:47)
Enumerating logon sessions (14:59)

Adjusting Token Privileges

Enabling the privileges for a token (14:38)

Token theft

duplicatetokenexspawn (14:36)
Abusing SeDebugPrivilege (36:12)
Abusing Vulnerable process handles (37:53)
Abusing SeTCBPrivilege (31:43)
Creating process with logon - runas (6:18)
Abusing SeImpersonate Privilege (2:13)

Code Snippets

tokens.rs
lsa.rs

Teach online with

tokens theory

Lesson content locked

If you're already enrolled, you'll need to login.

Enroll in Course to Unlock