Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lab52io/StealAllTokens
This PoC uses two different techniques for stealing the primary token from all running processes, showing that it is possible to impersonate and use whatever token is present in any process.
Last synced: 21 days ago
- Host: GitHub
- URL: https://github.com/lab52io/StealAllTokens
- Owner: lab52io
- Created: 2021-11-04T15:08:18.000Z (about 3 years ago)
- Default Branch: master
- Last Pushed: 2021-11-04T17:11:50.000Z (about 3 years ago)
- Last Synced: 2024-08-05T17:27:13.834Z (4 months ago)
- Language: C++
- Size: 90.8 KB
- Stars: 55
- Watchers: 4
- Forks: 14
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - lab52io/StealAllTokens - This PoC uses two different techniques for stealing the primary token from all running processes, showing that it is possible to impersonate and use whatever token is present in any process (C++)
README
# StealAllTokens
This PoC uses two different techniques for stealing the primary token from all running processes, showing that it is possible to impersonate and use whatever token is present in any process.

![](Img/TI.png)
# Blogpost
# Credits
* https://posts.specterops.io/understanding-and-defending-against-access-token-theft-finding-alternatives-to-winlogon-exe-80696c8a73b
* https://github.com/lab52io/StopDefender
* https://www.mcafee.com/enterprise/en-us/assets/reports/rp-access-token-theft-manipulation-attacks.pdf
* http://undocumented.ntinternals.net/index.html?page=UserMode%2FUndocumented%20Functions%2FNT%20Objects%2FThread%2FNtImpersonateThread.html
* https://googleprojectzero.blogspot.com/2016/03/exploiting-leaked-thread-handle.html