A Process is No One - Hunting for Token Manipulation

Explore the fundamentals of threat hunting and learn how to generate effective hunt hypotheses in this Black Hat conference talk. Discover the often-overlooked first step in the threat hunting process, which can guide targeted collection and analysis of forensic artifacts. Delve into the benefits of hypothesis-driven hunting, the hacker lifecycle, and the MITRE ATT&CK framework. Gain insights into building hunt hypotheses, identifying tactics and procedures, and properly scoping and documenting your hunt. Focus on access token manipulation in Windows authentication, understanding token types, impersonation, and visualization techniques. Learn about collection requirements for access tokens and explore various attack methods, including creating impostor tokens and new logon sessions. Conclude with a demonstration and Q&A session to solidify your understanding of this critical cybersecurity approach.