A Process is No One: Hunting for Token Manipulation
Common Information
| Type | Value |
|---|---|
| UUID | e9381a8d-8502-47de-a2ca-0401c6121241 |
| Fingerprint | b2c5b934719ea9dbd9eb7c903d5b29220cfa17e73317406fb6246ebfe67836ba |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | None |
| Added to db | March 10, 2024, 3:19 a.m. |
| Last updated | Aug. 31, 2024, 3:14 a.m. |
| Headline | A Process is No One: Hunting for Token Manipulation |
| Title | A Process is No One: Hunting for Token Manipulation |
| Detected Hints/Tags/Attributes | 85/1/35 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 361 | attack.mitre.org |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 201 | msdn.microsoft.com |
|
| Details | Domain | 1 | dfirblog.wordpress.com |
|
| Details | Domain | 10 | blog.cobaltstrike.com |
|
| Details | Domain | 221 | gist.github.com |
|
| Details | File | 478 | lsass.exe |
|
| Details | Github username | 17 | redcanaryco |
|
| Details | Github username | 4 | jaredcatkinson |
|
| Details | md5 | 1 | 17698b39efd72f976a6a846ec3a8eacd |
|
| Details | md5 | 1 | c95fd1e4e76a4b9b966861f64782f5a9 |
|
| Details | MITRE ATT&CK Techniques | 116 | T1134 |
|
| Details | Url | 2 | https://attack.mitre.org/wiki/main_page |
|
| Details | Url | 1 | https://github.com/redcanaryco/atomic-red- |
|
| Details | Url | 1 | https://attack.mitre.org/wiki/privilege_escalation |
|
| Details | Url | 1 | https://attack.mitre.org/wiki/technique/t1134 |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/aa374909(v=vs.85).aspx |
|
| Details | Url | 1 | https://dfirblog.wordpress.com/2015/10/24/protecting-windows- |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/aa446617(v=vs.85).aspx |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/aa378612(v=vs.85).aspx |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/aa379590(v=vs.85).aspx |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/ms682434(v=vs.85).aspx |
|
| Details | Url | 2 | https://blog.cobaltstrike.com/2015/12/16/windows-access-tokens-and-alternate-credentials |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/ms684320(v=vs.85).aspx |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/aa379295(v=vs.85).aspx |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/ms684335(v=vs.85).aspx |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/aa379296(v=vs.85).aspx |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/aa446671(v=vs.85).aspx |
|
| Details | Url | 1 | https://gist.github.com/jaredcatkinson/17698b39efd72f976a6a846ec3a8eacd |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/aa378275(v=vs.85).aspx |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/aa378290(v=vs.85).aspx |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/aa378318(v=vs.85).aspx |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/aa378261(v=vs.85).aspx |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/aa378269(v=vs.85).aspx |
|
| Details | Url | 1 | https://gist.github.com/jaredcatkinson/c95fd1e4e76a4b9b966861f64782f5a9#file |