Security Implications of Windows Access Tokens
Researcher: Luke Jennings
Date Started: Jan 01, 2007
Windows access tokens have important security implications, particularly with regard to their potential abuse for both local and domain level privilege escalation. This project aims to provide the necessary information and tools in order to accurately assess the risk imposed by windows access tokens by penetration testers and give practical advice on how to defend against the attacks described.
Full TextNews
MWR InfoSecurity Consultants to speak at EUSecWest Conference
May 06, 2008
Martyn Ruks and Luke Jennings of MWR InfoSecurity have been invited to present at the forthcoming EUSecWest Conference to be held in London on 21st and 22nd May 2008.
Martyn will be presenting on IBM WebSphere MQ security and the talk will include the findings of security research and demonstrations of methods used to exploit vulnerabilities in the product. Luke's talk will be on the topic of Microsoft Windows access tokens and will include discussion about the methods that can be employed to utilise them during penetration testing activities.
The conference will consist of a series of presentations by leading security experts. The aim of the event is to allow those involved in the security industry to present the results of their research activities and provides the opportunity to discuss new technologies and best practice defence techniques. Sponsors of the conference include CESG and Microsoft
Computer Weekly Highlights MWR InfoSecurity at DefCon
Aug 01, 2007
Source: Computer Weekly
Luke Jenning's forthcoming presentation at DefCon 15 in Las Vegas has been featured in a recent Computer Weekly article. The topic of Luke's talk will be the risks of using a single sign-on mechanism in Windows Operating Systems, and ways in which organisations can protect themselves against the misuse of access tokens.
View All
Page:
1