Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 10:37:11 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=2031089103&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Fpapers%2Fpresentations%2Fmwri_security-implications-of-windows-access-tokens_2008-04-14.pdf%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.2031089103.1338201431.1338201431.1338201431.1%3B%2B__utmz%3D32867617.1338201431.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/65694/mwri_security-implications-of-windows-access-tokens_2008-04-14.pdf http://packetstormsecurity.org/files/65694/mwri_security-implications-of-windows-access-tokens_2008-04-14.pdf http://packetstormsecurity.org/files/65694/mwri_security-implications-of-windows-access-tokens_2008-04-14.pdf.html Mon, 21 Apr 2008 21:24:35 GMT This whitepaper discusses the security exposures that can occur due to the manner in which access tokens are implemented in the Microsoft Windows Operating System. A brief overview of the intended function, design and implementation of Windows access tokens is given, followed by a discussion of the relevant security consequences of their design. More specific technical details are then given on how the features of Windows access tokens can be used to perform powerful post-exploitation functions during penetration testing, along with a basic methodology for including an assessment of the vulnerabilities exposed through tokens in a standard penetration test.