Isn't it dangerous to create an application like TokenSnatcher? It could potentially be used to perform illegal privilege escalation on a corporate network?

The fact is, that the "bad hombres" out there already know the various techniques of hacking and breaking systems. They are fully capable of creating their own tools and strategies and won't be impressed with something like TokenSnatcher.

The challenge is for "regular" admins to keep up with all that dark creativity. Depending on the size of your company you need to have a very mixed skill set working in you daily life as an IT admin. Most likely you don't find the time to dig to the bottom of all the various security challenges surrounding you.

Therefore, seeing TokenSnatcher in action, to click-and-select the identity of other admins on a shared server, should be an eye-opener to most admins. Hopefully this will increase the awareness around the potential misuse and trigger some proactive countermeasures.


Even Microsoft supports this view, as seen in this post. It illustrates in detail, with source code, how to perform a fileless attack. Apart from it's disagreeable business it's actually quite neat.

MS_Fileless_Attack

The above mentioned article provides a great example on learning some of the techniques used by criminals to attack your network. I believe this kind of information truly belongs out in the open.

If you're looking for more information on various types of threats and how to protect yourself, take a look at the security section on microsoft.com. You'll find a nice categorization of the various attack types as well as detailed information on each of them.

Categories: HackingTools

Leave a Reply

Your email address will not be published. Required fields are marked *