Clankerusecase
MITRE ATT&CK detection coverage

T1134.001 Token Impersonation/Theft

T1134.001 — Token Impersonation/Theft is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 6 detection use cases covering it and 2 threat-intel articles citing it.

Defense Evasion, Privilege Escalation
6 Use cases
2 Articles
0 Sub-techniques
2 Tactics

Use cases covering this technique (6)

Runas Execution in CommandLine | ESCU actions · hunting | P
Windows Access Token Manipulation Winlogon Duplicate Token Handle | ESCU actions · hunting | P
Windows Access Token Winlogon Duplicate Handle In Uncommon Path | ESCU actions · hunting | P
Windows Handle Duplication in Known UAC-Bypass Binaries | ESCU actions · hunting | P
[LLM] Defender Component (MsMpEng/NisSrv) Spawns Interactive Shell with SYSTEM Integrity | Bespoke exploit · alerting | DSΣPDDCS
[LLM] Non-browser process reading Chrome/Edge/Opera Login Data or Local State | Bespoke actions · alerting | DSΣPDDCS

Articles citing this technique (2)