SlideShare a Scribd company logo
UNDERSTANDING
WINDOWS ACCESS
TOKEN MANIPULATION
Justin Bui (@slyd0g)
FINDING ALTERNATIVES TO
WINLOGON.EXE
WHO AM I?
▪ @slyd0g
▪ Red teamer at SpecterOps
▪ Interested in all things security
and skateboarding
2
GOALS
1. Windows authentication and access tokens
2. Understanding access token manipulation
3. Impersonating SYSTEM with access token theft
4. Finding alternatives to winlogon.exe
3
1.
WINDOWS
AUTHENTICATION &
ACCESS TOKENS
What are access tokens? How do we
obtain them? What are they used for?
“An access token is an object
that describes the security
context of a process or
thread. The information in a
token includes the identity
and privileges of the user
account associated with the
process or thread.
5 https://docs.microsoft.com/en-us/windows/win32/secauthz/access-tokens
SECURITY PRINCIPALS
- Security principals are any entity that can be
authenticated by the OS
- User accounts
- Computer accounts
- Security groups
- Processes/threads
- Basis of controlling access to securable objects in
Windows
- Represented in the OS by a unique security identifier
(SID)
6 https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/security-principals
WINDOWS AUTHENTICATION
- User authenticates with credentials
- Logon session is created
- Windows returns user SID and group SIDs
- Local Security Authority (LSA) creates an access
token
- Successful authentication with credentials -> Logon
session -> Token -> Process/Thread
- Credentials may be stored in memory based on
logon type
7 https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/security-principals
WINDOWS LOGON SCENARIOS
- Interactive logon (credentials in lsass.exe)
- Console login (type 2)
- RDP (type 10)
- PsExec (type 2)
- Network logon (credentials are not in memory)
- WMI (type 3)
- WinRM (type 3)
- Smart card logon
- Biometric logon
8 https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material
WHAT IS AN ACCESS TOKEN?
- Kernel object that describes the security context of a
process/thread
- Contain the following information:
- User account security identifier (SID)
- Group SIDs
- Logon SID
- Owner SID
- List of privileges held by user/group
- Token integrity level
- Token type (primary/impersonation)
9 https://docs.microsoft.com/en-us/windows/win32/secauthz/access-tokens
PURPOSE OF AN ACCESS TOKEN?
- Every process created by the user will receive a copy of
the access token
- When a thread attempts to access a securable object or
perform a task that requires privilege, Windows checks
the access token
- By default, a thread will use the primary token of a
process
10 https://docs.microsoft.com/en-us/windows/win32/secauthz/access-tokens
ACCESS TOKENS IN ACTION
- Example: User opens PowerShell.exe and runs
Get-Content C:test.txt
- PowerShell.exe receives a copy of the user’s access token
- Thread running Get-Content uses PowerShell.exe’s
primary access token by default
- Files are a securable object in Windows!
- OS compares access token to discretionary access
control list (DACL) on C:test.txt
- If user has permission to read the file, access is
granted
11 https://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-lists
SUMMARY
- When a user successfully authenticates an access token
is created
- Every process created by the user will receive a copy
of the access token
- Windows checks the access token when a thread
attempts to access a securable object or perform a task
that requires privilege
- Attackers care about access tokens resulting from
interactive logons
12
2.
ACCESS TOKEN
MANIPULATION
How do we steal an access token?
14
STEALING ACCESS TOKENS
OPENPROCESS DOCS
15 https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess
1 – OPENPROCESS
- Specify a process ID (PID)
- Request with one of the permissions:
- PROCESS_ALL_ACCESS
- PROCESS_QUERY_INFORMATION
- PROCESS_QUERY_LIMITED_INFORMATION
- Returns a process handle
- Allows us to interact with the process object
16 https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess
OPENPROCESSTOKEN DOCS
17 https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocesstoken
2 – OPENPROCESSTOKEN
- Pass in process handle from OpenProcess
- Permissions needed for ImpersonateLoggedOnUser:
- TOKEN_QUERY
- TOKEN_DUPLICATE
- Permissions needed for DuplicateTokenEx:
- TOKEN_DUPLICATE
- Returns a token handle
- Allows us to interact with the token object
18 https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocesstoken
IMPERSONATELOGGEDONUSER DOCS
19 https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-impersonateloggedonuser
3A – IMPERSONATELOGGEDONUSER
- Pass in token handle from OpenProcessToken
- Current thread will impersonate user specified by
access token
- Effectively “become” that user
- Interact with OS using impersonated
permissions :)
- RevertToSelf reverts impersonated permissions
20 https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-impersonateloggedonuser
DUPLICATETOKENEX DOCS
21 https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-duplicatetokenex
3B – DUPLICATETOKENEX
- Pass in token handle from OpenProcessToken
- Permissions needed for
CreateProcessWithTokenW:
- TOKEN_QUERY
- TOKEN_DUPLICATE
- TOKEN_ASSIGN_PRIMARY
- TOKEN_ADJUST_DEFAULT
- TOKEN_ADJUST_SESSIONID
- Returns a new token handle useable with
CreateProcessWithTokenW
22 https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-duplicatetokenex
CREATEPROCESSWITHTOKENW DOCS
23 https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createprocesswithtokenw
4 – CREATEPROCESSWITHTOKENW
- Pass in token handle from DuplicateTokenEx
- Takes path to executable, command line
arguments, logon type, STARTUPINFO structure
- Creates process with stolen access token!
24 https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createprocesswithtokenw
PUTTING IT ALL TOGETHER
25 https://github.com/slyd0g/PrimaryTokenTheft
ATTACKER USE CASE
- Impersonate another user with running
processes from interactive logon
- Lateral movement
- Domain escalation
- Spawn processes as another user
- Impersonate SYSTEM
- Get all the privileges
26
3.
IMPERSONATING
SYSTEM
Getting all the privileges
https://twitter.com/monoxgas/status/1109892490566336512
28
STEALING A SYSTEM TOKEN
29
4.
ALTERNATIVES TO
WINLOGON.EXE
Do they exist? What security
permissions allow this?
METHODOLOGY
ASK A
QUESTION
CREATE A
CONCLUSION
PERFORM AN
EXPERIMENT
31
REPEAT
METHODOLOGY (CONT.)
1. Ask a question
- Do other processes like winlogon.exe exist?
2. Perform an experiment
- Bruteforce list of SYSTEM processes
3. Create a conclusion
- ???
32
Access denied during OpenProcess :(
33
Access denied during OpenProcessToken :(
34
Success! :)
35
CREATE A CONCLUSION
- Other SYSTEM processes can also have their
access token stolen!
- lsass.exe
- OfficeClickToRun.exe
- dllhost.exe
- unsecapp.exe
- Why does this work?
36
��
REPEAT
1. Ask a question
- What security settings cause this behavior?
2. Perform an experiment
- Compare winlogon.exe to “known good”
processes
3. Create a conclusion
- ???
37
https://twitter.com/monoxgas/status/1109892490566336512
38
COMPARING SESSION ID
39
ADVANCED SECURITY SETTINGS
40
ADVANCED SECURITY SETTINGS
41
ADVANCED SECURITY SETTINGS
42
SECURITY DESCRIPTORS
43
THE BREAKTHROUGH!
44
THE BREAKTHROUGH!
45
WHAT IS OWNER?
- Owner field in Process Explorer
refers to TokenOwner
- Value from
TOKEN_INFORMATION_CLASS
- Enumerate with
GetTokenInformation
46
GET-TOKEN.PS1
47
PowerShell script to enumerate all Process and
Thread tokens. Thanks vector-sec!
UserName vs OwnerName
- TOKEN_USER identifies the user associated
with the access token
- TOKEN_OWNER identifies the user who is
owner of any process created with the access
token
- This was the key distinction we were looking
for!
48
Get-Token | Where-Object {$_.UserName -eq ‘NT AUTHORITYSYSTEM’ -and
$_.OwnerName -ne ‘NT AUTHORITYSYSTEM’} | Select-Object
ProcessName,ProcessID | Format-Table49
CREATE A CONCLUSION
- Successful token theft
- winlogon.exe
- lsass.exe
- dllhost.exe
- unsecapp.exe
- svchost.exe
- ...
- Unsuccessful token theft
- csrss.exe
- services.exe
- smss.exe
- wininit.exe
- Memory
Compression.exe
- Why did these processes
fail?
50 ��
REPEAT
1. Ask a question
- What security settings cause this behavior?
2. Perform an experiment
- Look for a common property in the
‘problematic’ processes
3. Create a conclusion
- ???
51
Taking a look at wininit.exe and csrss.exe
52
OPENPROCESS ERRORS
53
OPENPROCESS ERRORS
54
PROTECTED
55
56 https://docs.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights
Will this work? Only one way to find out!
57
STEALING TOKEN FROM PPL PROCESS
58
IMPORTANCE OF CHALLENGING ASSUMPTIONS
59
Documentation for
OpenProcessToken and
OpenProcess 😹
CREATE A CONCLUSION
PROCESS_QUERY_INFORMATION
- winlogon.exe
- lsass.exe
- dllhost.exe
- unsecapp.exe
- svchost.exe (some PIDs)
- OfficeClickToRun.exe
- Sysmon64.exe
- VGAuthService.exe
- vmacthlp.exe
- vmtoolsd.exe
PROCESS_QUERY_LIMITED_INFORMATION
- csrss.exe
- services.exe
- smss.exe
- wininit.exe
- Memory Compression.exe
60
REFERENCES
- https://posts.specterops.io/understanding-and-defending-agai
nst-access-token-theft-finding-alternatives-to-winlogon-exe-
80696c8a73b
- https://github.com/slyd0g/PrimaryTokenTheft
- https://docs.microsoft.com/en-us/
- https://ired.team/offensive-security/privilege-escalation/t1134
-access-token-manipulation
- https://twitter.com/monoxgas/status/1109892490566336512
- https://gist.github.com/vector-sec/a049bf12da619d9af8f9c7d
bd28d3b56
61
THANK YOU
- Big thanks to my coworkers Matt Graeber and Jared Atkinson for
helping me dig into these topics as well as pushing me to look
into some detections (which I unfortunately didn’t have time to
cover here)
- Thanks to Brian Reitz for the awesome THPS2 photoshop :D
- Thank you HushCon.
- Thank you for coming and listening!
62
THANK YOU!
Any questions?
You can find me at:
@slyd0g
justin@specterops.io
63

More Related Content

What's hot

Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
GIBIN JOHN
 
PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)
Will Schroeder
 
Attacker's Perspective of Active Directory
Attacker's Perspective of Active DirectoryAttacker's Perspective of Active Directory
Attacker's Perspective of Active Directory
Sunny Neo
 
Mimikatz
MimikatzMimikatz
Social Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James ForshawSocial Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James Forshaw
Shakacon
 
PE File Format
PE File FormatPE File Format
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
Sergey Soldatov
 
Passwords#14 - mimikatz
Passwords#14 - mimikatzPasswords#14 - mimikatz
Passwords#14 - mimikatz
Benjamin Delpy
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
MITRE ATT&CK
 
Hunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows InfrastructureHunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows Infrastructure
Sergey Soldatov
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
Sergey Soldatov
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
Not a Security Boundary
Not a Security BoundaryNot a Security Boundary
Not a Security Boundary
Will Schroeder
 
Windows Operating System Archaeology
Windows Operating System ArchaeologyWindows Operating System Archaeology
Windows Operating System Archaeology
enigma0x3
 
aclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundaclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHound
DirkjanMollema
 
Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Adversary Emulation and Its Importance for Improving Security Posture in Orga...Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Digit Oktavianto
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEF
Jorge Orchilles
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Coding
bilcorry
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
 
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOS
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOSWalking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOS
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOS
Cody Thomas
 

What's hot (20)

Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
 
PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)
 
Attacker's Perspective of Active Directory
Attacker's Perspective of Active DirectoryAttacker's Perspective of Active Directory
Attacker's Perspective of Active Directory
 
Mimikatz
MimikatzMimikatz
Mimikatz
 
Social Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James ForshawSocial Engineering the Windows Kernel by James Forshaw
Social Engineering the Windows Kernel by James Forshaw
 
PE File Format
PE File FormatPE File Format
PE File Format
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
 
Passwords#14 - mimikatz
Passwords#14 - mimikatzPasswords#14 - mimikatz
Passwords#14 - mimikatz
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
 
Hunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows InfrastructureHunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows Infrastructure
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId Connect
 
Not a Security Boundary
Not a Security BoundaryNot a Security Boundary
Not a Security Boundary
 
Windows Operating System Archaeology
Windows Operating System ArchaeologyWindows Operating System Archaeology
Windows Operating System Archaeology
 
aclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHoundaclpwn - Active Directory ACL exploitation with BloodHound
aclpwn - Active Directory ACL exploitation with BloodHound
 
Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Adversary Emulation and Its Importance for Improving Security Posture in Orga...Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Adversary Emulation and Its Importance for Improving Security Posture in Orga...
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEF
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Coding
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
 
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOS
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOSWalking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOS
Walking the Bifrost: An Operator's Guide to Heimdal & Kerberos on macOS
 

Similar to Understanding Windows Access Token Manipulation

The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf HechtThe Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
Asaf Hecht
 
Secure containers for trustworthy cloud services: business opportunities
 Secure containers for trustworthy cloud services: business opportunities Secure containers for trustworthy cloud services: business opportunities
Secure containers for trustworthy cloud services: business opportunities
ATMOSPHERE .
 
Reversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8   malware memory forensicsReversing & malware analysis training part 8   malware memory forensics
Reversing & malware analysis training part 8 malware memory forensics
Abdulrahman Bassam
 
Internal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guideInternal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guide
Darin Fredde
 
Basic malware analysis
Basic malware analysis Basic malware analysis
Basic malware analysis
Cysinfo Cyber Security Community
 
ethical-hacking-18092013112412-ethical-hacking.ppt
ethical-hacking-18092013112412-ethical-hacking.pptethical-hacking-18092013112412-ethical-hacking.ppt
ethical-hacking-18092013112412-ethical-hacking.ppt
ricagip499
 
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menaceDEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
Felipe Prado
 
In The Middle of Printers –The (In)Security of Pull Printing Solutions
In The Middle of Printers –The (In)Security of Pull Printing SolutionsIn The Middle of Printers –The (In)Security of Pull Printing Solutions
In The Middle of Printers –The (In)Security of Pull Printing Solutions
SecuRing
 
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
Jakub Kałużny
 
Pre-Compliance Accreditation Tool for Python
Pre-Compliance Accreditation Tool for PythonPre-Compliance Accreditation Tool for Python
Pre-Compliance Accreditation Tool for Python
Justin Dierking
 
PowerShell for Cyber Warriors - Bsides Knoxville 2016
PowerShell for Cyber Warriors - Bsides Knoxville 2016PowerShell for Cyber Warriors - Bsides Knoxville 2016
PowerShell for Cyber Warriors - Bsides Knoxville 2016
Russel Van Tuyl
 
Module 5 (system hacking)
Module 5 (system hacking)Module 5 (system hacking)
Module 5 (system hacking)
Wail Hassan
 
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 -  Advanced Malware AnalysisReversing & Malware Analysis Training Part 9 -  Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
securityxploded
 
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7  - Malware Memory ForensicsAdvanced Malware Analysis Training Session 7  - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
securityxploded
 
Not a Security Boundary: Bypassing User Account Control
Not a Security Boundary: Bypassing User Account ControlNot a Security Boundary: Bypassing User Account Control
Not a Security Boundary: Bypassing User Account Control
enigma0x3
 
NSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes
NSC #2 - D3 05 - Alex Ionescu- Breaking Protected ProcessesNSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes
NSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes
NoSuchCon
 
I Hunt Sys Admins
I Hunt Sys AdminsI Hunt Sys Admins
I Hunt Sys Admins
Will Schroeder
 
Understanding Windows Lateral Movements
Understanding Windows Lateral MovementsUnderstanding Windows Lateral Movements
Understanding Windows Lateral Movements
Daniel López Jiménez
 
Hacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAMHacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAM
Jerod Brennen
 
Sandboxie process isolation with kernel hooks
Sandboxie process isolation with kernel hooksSandboxie process isolation with kernel hooks
Sandboxie process isolation with kernel hooks
KarlFrank99
 

Similar to Understanding Windows Access Token Manipulation (20)

The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf HechtThe Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
 
Secure containers for trustworthy cloud services: business opportunities
 Secure containers for trustworthy cloud services: business opportunities Secure containers for trustworthy cloud services: business opportunities
Secure containers for trustworthy cloud services: business opportunities
 
Reversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8   malware memory forensicsReversing & malware analysis training part 8   malware memory forensics
Reversing & malware analysis training part 8 malware memory forensics
 
Internal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guideInternal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guide
 
Basic malware analysis
Basic malware analysis Basic malware analysis
Basic malware analysis
 
ethical-hacking-18092013112412-ethical-hacking.ppt
ethical-hacking-18092013112412-ethical-hacking.pptethical-hacking-18092013112412-ethical-hacking.ppt
ethical-hacking-18092013112412-ethical-hacking.ppt
 
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menaceDEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
 
In The Middle of Printers –The (In)Security of Pull Printing Solutions
In The Middle of Printers –The (In)Security of Pull Printing SolutionsIn The Middle of Printers –The (In)Security of Pull Printing Solutions
In The Middle of Printers –The (In)Security of Pull Printing Solutions
 
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
In The Middle of Printers - The (In)Security of Pull Printing solutions - Hac...
 
Pre-Compliance Accreditation Tool for Python
Pre-Compliance Accreditation Tool for PythonPre-Compliance Accreditation Tool for Python
Pre-Compliance Accreditation Tool for Python
 
PowerShell for Cyber Warriors - Bsides Knoxville 2016
PowerShell for Cyber Warriors - Bsides Knoxville 2016PowerShell for Cyber Warriors - Bsides Knoxville 2016
PowerShell for Cyber Warriors - Bsides Knoxville 2016
 
Module 5 (system hacking)
Module 5 (system hacking)Module 5 (system hacking)
Module 5 (system hacking)
 
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 -  Advanced Malware AnalysisReversing & Malware Analysis Training Part 9 -  Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
 
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7  - Malware Memory ForensicsAdvanced Malware Analysis Training Session 7  - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
 
Not a Security Boundary: Bypassing User Account Control
Not a Security Boundary: Bypassing User Account ControlNot a Security Boundary: Bypassing User Account Control
Not a Security Boundary: Bypassing User Account Control
 
NSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes
NSC #2 - D3 05 - Alex Ionescu- Breaking Protected ProcessesNSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes
NSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes
 
I Hunt Sys Admins
I Hunt Sys AdminsI Hunt Sys Admins
I Hunt Sys Admins
 
Understanding Windows Lateral Movements
Understanding Windows Lateral MovementsUnderstanding Windows Lateral Movements
Understanding Windows Lateral Movements
 
Hacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAMHacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAM
 
Sandboxie process isolation with kernel hooks
Sandboxie process isolation with kernel hooksSandboxie process isolation with kernel hooks
Sandboxie process isolation with kernel hooks
 

Recently uploaded

Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...
chetankumar9855
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
Ivanti
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
shanihomely
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
aakash malhotra
 
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Torry Harris
 
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Kunal Gupta
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
Jimmy Lai
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
Axel Rennoch
 
Salesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot WorkshopSalesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot Workshop
CEPTES Software Inc
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
SynapseIndia
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyyActive Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
RaminGhanbari2
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
ssuser1915fe1
 
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
Edge AI and Vision Alliance
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Nicolás Lopéz
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
ldtexsolbl
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
aslasdfmkhan4750
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
BrainSell Technologies
 
WhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring AppsWhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring Apps
HackersList
 

Recently uploaded (20)

Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
 
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
 
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
 
Salesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot WorkshopSalesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot Workshop
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyyActive Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
 
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
 
WhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring AppsWhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring Apps
 

Understanding Windows Access Token Manipulation