Monitoring Sensitive Windows Commands via CanaryTokens - Deploying Registry Entries via Group Policy

00:00 - Intro. You should be using centralized logging for this, but if not, this hackjob will do
01:18 - Talking about the Sensitive Command Token
02:00 - Examining how this all works: it creates three registry keys under Image File Execution Options and SilentProcessExit
03:50 - Talking about the "So much offense in my defense" phrase. Really loved it, showing a blog about using this technique as a persistence
04:50 - Showing the token works and what the email looked like
05:30 - Ranting more about "so much offense in my defense" and why blue teamers should learn red team techniques
08:20 - Creating a new token so we can deploy this one via Active Directory's Group Policy
09:00 - Opening GPMC and creating a registry entry
11:00 - Running gpupdate /force to show the group policy created the registry keys
13:00 - Attempting to get the arguments of our process but failing. Never got this part working.
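The token works by setting GlobalFlag under the Image File Execution Options key for the watched executable and pairing it with a SilentProcessExit entry whose MonitorProcess value is launched when that executable exits. The script below is an added example (not from the video, Thinkst, or the referenced blogs) that a defender can run after gpupdate /force to confirm the Group Policy deployment landed, and to flag any executable carrying the same mechanism that was not deliberately tokenised, since the oddvar.moe post shows it doubles as a persistence technique. It assumes it runs as an administrator on the domain-joined host; the executable names in $expected are placeholders, not the real deployment.

```powershell
# Added example: audit the two registry locations the Sensitive Command Token
# relies on. Confirms expected tokens are present and surfaces unexpected ones.
# Assumes: run elevated on the target host; $expected is a placeholder list.

$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$speRoot  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit'

# GlobalFlag bit that turns on SilentProcessExit monitoring for an image
$FLG_MONITOR_SILENT_PROCESS_EXIT = 0x200

# Executables you intentionally tokenised via the GPO (placeholder names)
$expected = @('whoami.exe', 'net.exe', 'klist.exe')

$findings = foreach ($key in Get-ChildItem -Path $ifeoRoot -ErrorAction SilentlyContinue) {
    $exe = $key.PSChildName
    $gf  = (Get-ItemProperty -Path $key.PSPath -Name GlobalFlag -ErrorAction SilentlyContinue).GlobalFlag

    # Only images with the monitor bit set can trigger a SilentProcessExit action
    if (-not $gf -or -not ($gf -band $FLG_MONITOR_SILENT_PROCESS_EXIT)) { continue }

    $spe = Get-ItemProperty -Path (Join-Path $speRoot $exe) -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Executable     = $exe
        GlobalFlag     = ('0x{0:X}' -f $gf)
        ReportingMode  = $spe.ReportingMode
        MonitorProcess = $spe.MonitorProcess   # the command launched on exit
        Expected       = ($expected -contains $exe)
    }
}

$findings | Format-Table -AutoSize

# Anything not in $expected is either a token you forgot about or the same
# mechanism planted as persistence; treat it as a lead to investigate.
$findings | Where-Object { -not $_.Expected } | ForEach-Object {
    Write-Warning ('Unexpected SilentProcessExit monitor on {0}: {1}' -f $_.Executable, $_.MonitorProcess)
}

# Expected tokens that did not arrive after gpupdate /force
$expected | Where-Object { $_ -notin $findings.Executable } | ForEach-Object {
    Write-Warning ('No token registry entries found for {0}' -f $_)
}
```

Run it on a handful of hosts in the GPO's scope right after the policy refresh; an empty warning list means the deployment matched the allow-list, and any MonitorProcess value you do not recognise is worth pulling into the central logging pipeline the intro recommends.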

Referenced Blogs:
https://blog.thinkst.com/2022/09/sensitive-command-token-so-much-offense.html
https://oddvar.moe/2018/04/10/persistence-using-globalflags-in-image-file-execution-options-hidden-from-autoruns-exe/
