
Tag: Privilege Escalation

A Real World Adversary Labs

Access Token Manipulation: Parent PID Spoofing

Abstract: One of the most useful techniques hunt teams can use for detecting anomalous activity is the analysis of parent-child process relationships. However, more capable adversaries can bypass this using Parent PID Spoofing, which allows a malicious process to be launched under an arbitrary parent process. While it is not a new technique, having been covered by…

Access Token Manipulation Detection: Behavioral Analytics

Overview: Access tokens are used in Windows for security purposes. Every process in Windows is started by some user, and the system knows the rights and privileges that user holds. The system uses access tokens to determine the owner and the privileges of every running process. These access tokens can be easily manipulated…