Windows Security: Abusing Access Tokens | A Practical CTF Walkthrough

ToxSec | Exploit misconfigured access tokens to impersonate SYSTEM and own the THM box.

Feb 18, 2024

∙ Paid

0x00 Introduction

This Windows box is a clean lesson in chaining web-to-system exploitation. Jenkins gave us the foothold. Nishang and Meterpreter carried the shell. And Windows access tokens — specif…

Continue reading this post for free, courtesy of ToxSec.

Or purchase a paid subscription.