Incognito is a tool for manipulating windows access tokens and is intended for use by penetration testers, security consultants and system administrators.
5f9d0055d62788b46aef7bd2f7dfdf9bd0dc129a2629983a18937bdacc378f28
This whitepaper discusses the security exposures that can occur due to the manner in which access tokens are implemented in the Microsoft Windows Operating System. A brief overview of the intended function, design and implementation of Windows access tokens is given, followed by a discussion of the relevant security consequences of their design. More specific technical details are then given on how the features of Windows access tokens can be used to perform powerful post-exploitation functions during penetration testing, along with a basic methodology for including an assessment of the vulnerabilities exposed through tokens in a standard penetration test.
f23fe0277430389cbdd97c8c16d8eedd6520a0745f8fdc08b7c96f87a6131bf1