Articles by Will Burgess


How attackers abuse Access Token Manipulation (ATT&CK T1134)

This blog teaches security practitioners how attackers abuse legitimate Windows functionalities to move laterally and compromise Active Directory domains.


Introduction to Windows tokens for security practitioners

Windows access token manipulation attacks are well known and abused from an offensive perspective, but rely on an extensive body of arcane Windows security internals. In this blog post, we demystify how access tokens work in Windows environments.