Steal a users access token and create a task
A token theft script was executed to steal and assume the token of another user’s existing process, changing the user context of the process.
The script is then used to make registry modifications and schedule a taks to spawn a new agent in that users's context.
To view this TTPs command, you must be logged in with a professional or enterprise license.Login
Test this TTP
Download Operator (1.7.1)