Using windows access tokens for post-exploitation



Hey guys,

I recently got round to writing the whitepaper version of my Defcon 15
and CCC talk. It is about the security implications of windows access
tokens and is very much focused on how they can be exploited during
penetration testing.

For those who are interested, please find the PDF link and sourceforge
link to the accompanying tool below: -

http://www.mwrinfosecurity.com/publications/mwri_security-implications-of-windows-access-tokens_2008-04-14.pdf
http://sourceforge.net/projects/incognito

Attachment: signature.asc
Description: OpenPGP digital signature