https://github.com/lab52io/StealAllTokens

This PoC uses two diferent technics for stealing the primary token from all running processes, showing that is possible to impersonate and use whatever token present at any process
https://github.com/lab52io/StealAllTokens

Last synced: 4 months ago
JSON representation

This PoC uses two diferent technics for stealing the primary token from all running processes, showing that is possible to impersonate and use whatever token present at any process

• Host: GitHub
• URL: https://github.com/lab52io/StealAllTokens
• Owner: lab52io
• Created: 2021-11-04T15:08:18.000Z (about 4 years ago)
• Default Branch: master
• Last Pushed: 2021-11-04T17:11:50.000Z (about 4 years ago)
• Last Synced: 2024-11-21T11:38:35.174Z (12 months ago)
• Language: C++
• Size: 90.8 KB
• Stars: 55
• Watchers: 4
• Forks: 13
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - lab52io/StealAllTokens - This PoC uses two diferent technics for stealing the primary token from all running processes, showing that is possible to impersonate and use whatever token present at any process (C++)

README

          
# StealAllTokens

This PoC uses two diferent technics for stealing the primary token from all running processes, showing that is possible to impersonate and use whatever token present at any process

![](Img/TI.png)

# Blogpost

# Credits

* https://posts.specterops.io/understanding-and-defending-against-access-token-theft-finding-alternatives-to-winlogon-exe-80696c8a73b

* https://github.com/lab52io/StopDefender

* https://www.mcafee.com/enterprise/en-us/assets/reports/rp-access-token-theft-manipulation-attacks.pdf

* http://undocumented.ntinternals.net/index.html?page=UserMode%2FUndocumented%20Functions%2FNT%20Objects%2FThread%2FNtImpersonateThread.html

* https://googleprojectzero.blogspot.com/2016/03/exploiting-leaked-thread-handle.html