Access Token Manipulation: Token Impersonation/Theft (T1134.001)
See subtechnique results for:
- Carbanak+FIN7: The subtechnique was not in scope.
- APT29: The subtechnique was not in scope.
- APT3:

Step | ATT&CK Pattern
3.A.1.2 |
5.B.1 |

Procedure
Cobalt Strike: Built-in UAC bypass token duplication capability executed to modify current process token
Footnotes
- During the evaluation, Windows Defender was unknowingly re-enabled. As a result, Bypass UAC was tested using a slightly modified method. The detection method Endgame exhibited would have been valid regardless.



