Here in Part 1, we'll cover key concepts in Windows Security. The desired outcome is to help defenders understand how access tokens work in Windows environments. In Part 2 of the series, we'll build on the concepts outlined in Part 1 and cover in depth how attackers abuse legitimate Windows functionality to move laterally and compromise entire Active Directory domains.

As a note of caution, this blog has deliberately attempted to abstract away the workings of specific Windows network authentication protocols (e.g., NTLM and Kerberos) and Security Support Providers (e.g., CredSSP, Negotiate, etc.). This blog series is aimed at giving defense practitioners a thorough understanding of Windows access tokens for the purposes of detection engineering.