Steal a users access token and create a task

A token theft script was executed to steal and assume the token of another user’s existing process, changing the user context of the process. The script is then used to make registry modifications and schedule a taks to spawn a new agent in that users's context.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)