Token Impersonation: AD Post Compromise Attack
- Strider Gearhead
- Jul 16, 2023
- 1 min read
Overview
What are tokens?
Temporary keys that allow you access to a system/network without having provide credentials each time you access a file. Think cookies for computers.
Two types:
Delegate- Created for logging into a machine or using Remote Desktop.
Impersonate- “non-interactive” such as attaching a network drive or a domain logon script.
Steps:
Pop a shell and load incognito
Impersonate our domain user
To read the full write-up:
Comments