ATT&CK® Emulating Access Token Manipulation

A New Advanced Offering

This course analyzes real-world examples of adversaries performing Access Token Manipulation and discusses how we can emulate this behavior. The course is broken down into modules, with each module focusing on a specific sub-technique for Access Token Manipulation. The first module focuses on the token impersonation/theft sub-technique, and it dives into two real world examples from FIN8 and Shamoon.

Target Audience

This course is meant for adversary emulators who want to learn more about access token manipulation.

Course Prerequisites

Adversary Emulation Fundamentals Course Technical primer courses on Access Tokens and Access Token Manipulation.


Emulating Access Token