Monitor Cobalt Strike beacon for Windows tokens and gain Kerberos persistence
In a recent engagement my teammates and I compromised a Windows server where some high privileged users were connected. We did not want to risk to extract credentials from lsass.exe as the EDR woul...