Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Access Token Manipulation

Training Camp • Cybersecurity Glossary

What is Access Token Manipulation?

Access Token Manipulation is a MITRE ATTACK technique where adversaries steal or impersonate Windows tokens to escalate privileges and evade controls.

Glossary > Threats, Malware & Attacks > Access Token Manipulation

Understanding Access Token Manipulation

Access Token Manipulation is an attack technique, cataloged in the MITRE ATTACK framework, in which an adversary modifies access tokens in Windows to operate under a different user's security context and evade access controls. By stealing or impersonating tokens from existing logged-on processes, attackers can escalate privileges or move laterally while making their actions appear to come from a legitimate account. Common variants include token impersonation or theft, creating a process with a stolen token, and making and impersonating tokens with captured credentials.

Learn More About Access Token Manipulation:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →