. 15952 Windows Access Tokens – A Penetration Er’s Guide

• 1 Abstract
• 2 Introduction
• 3 Post-Exploitation
  • 3.1 Metasploit
  • 3.2 Windows Access Tokens
• 4 Windows Access Tokens: An Overview
  • 4.1 The Role of a Token
  • 4.2 Process Tokens
  • 4.3 Thread Tokens
  • 4.4 Security Levels
• 5 Token Abuse
  • 5.1 Domain Privilege Escalation
  • 5.2 Local Privilege Escalation
• 6 Tool Requirements for Penetration Testing
  • 6.1 Enumerating Tokens
  • 6.2 Creating Processes
  • 6.3 Other Post-Exploitation Tasks
• 7 Incognito – Practical Exploitation
  • 7.1 Meterpreter Incognito Extension
• 8 Unexpected Exposure
  • 8.1 Expected Behaviour
  • 8.2 Actual Behaviour
  • 8.3 Exposure from Terminal Services
• 9 Locating Tokens on a Network
  • 9.1 Messenger Service
  • 9.2 Problems With Messenger Service Approach
  • 9.3 NetWkstaUserEnum()
• 10 Targeted Penetration Testing Methodology
• 11 Evidence of Organisational Exposure to Token Abuse
• 12 Defence
  • 12.1 No Patch
  • 12.2 Defensive Techniques
• 13 Conclusion
• 14 References