Participant: Elastic
Access Token Manipulation (T1134)
See technique results for:
- Carbanak+FIN7: The technique was not in scope.
- APT29: Step 10.B.3
- APT3: Steps 3.A.1.2 and 5.B.1
Procedure
Cobalt Strike: Built-in UAC bypass token duplication capability executed to modify current process token
Footnotes
- During the evaluation, Windows Defender was unknowingly re-enabled. As a result, Bypass UAC was tested using a slightly modified method. The detection method Endgame exhibited would have been valid regardless.



