Explore the intricacies of Windows access token manipulation attacks in this 39-minute Black Hat conference talk. Delve into the complex world of Windows security internals, including logon sessions, access tokens, UAC, and network authentication protocols like Kerberos and NTLM. Gain insights into how attackers exploit legitimate Windows functionality for lateral movement and domain compromise. Learn effective detection strategies to identify these attacks at scale across enterprises. Discover the inner workings of logon sessions, access tokens, network authentication, and impersonation techniques. Examine various token manipulation methods, including NETONLY, CreateProcessWithLogon, Pass-The-Ticket, and Overpass-the-hash. Understand the Frida Basic Shocking template and its applications. Equip yourself with the knowledge to detect and mitigate access token manipulation attacks, bridging the gap between offensive tactics and defensive practices in Windows environments.