Skip to main content
Home Cybersecurity IT & Software NETWORK & SECURITY Windows Access Tokens for Red Teamers

Windows Access Tokens for Red Teamers

Ditulis pada: February 06, 2024

Learn about windows access tokens

Preview this Course GET COUPON CODE

Windows Access Tokens for Red Teamers

What you'll learn
  • Learn about Windows access tokens
  • Token Enumeration
  • Adjusting privileges
  • Enumerating Vulnerable process, token handles
  • Taking advantage of SeDebug, SeImpersonate, SeTCBPrivileges

Description
WHAT IS TOKEN?

A process can be defined as instance of program running in memory.

A thread is unit of execution of a process. a process can have any number of threads.

An access token describes the security context of a process or thread.

access token contains information about a user, user’s groups, user’s privileges, etc.



LOGON PROCESS

Winlogon.exe is responsible for providing interface for user to enter credentials.

lsass process loads authentication packages like MSV1_0, Kerberos etc from security dlls

when user enters credentials, winlogon.exe sends to lsass process by calling lsaregisterlogonprocess, lsalookupauthenticationpackage, lsalogonuser

lsass then pass on creds to authentication packages functions. these will check sam database or domain controller if credentials are correct.

if credentials are correct, lsass creates a logonsession and creates a token and run explorer.exe



USAGE OF ACCESS TOKENS

Access tokens are checked aganist the object the process/thread trying to access.

If user is trying to access a file, his token is being check aganist the file. if the ace of file allows the user to read the file then user is allowed access to the file.

tokens also contains some special privileges like seshutdownprivilege, sedebugprivilege etc.

these privileges allows user to perform certain actions without any restrictions.

Eg: if we have sedebugprivilege, we can open handle to any process regardless of our permissions. “Programmers, testers” might have this privilege in an organisation.

access tokens can be classified into PRIMARY TOKEN, IMPERSONATION TOKEN



If this looks interesting to you then why not try it?

Who this course is for:
  • Red Teamers
  • Security Consultants
  • Malware Developers

You Might Also Like:

Comment Policy: Please write your comments according to the topic of this page's post. Comments containing links will not be displayed until approved.
Buka Komentar
Tutup Komentar
-->