SUB-ZER0
Golden Member
- Joined
- December 4, 2025
- Messages
- 386
- Reaction score
- 353
- Points
- 63
- Thread Author
- #1
Token Universe is an advanced tool that provides a wide range of possibilities to research Windows security mechanisms. It has a convenient interface for creating, viewing, and modifying access tokens, managing Local Security Authority and Security Account Manager's databases. It allows you to obtain and impersonate different security contexts, manage privileges, auditing settings, and so on.
PREVIEW :
FEATURE : Obtaining tokens
LINK :
Don't forget to LIKE
PREVIEW :
FEATURE : Obtaining tokens
- Open process/thread token
- Open effective thread token (via direct impersonation)
- Query session token
- Log in user using explicit credentials
- Log in user without credentials (S4U logon)
- Duplicate tokens
- Duplicate handles
- Open linked token
- Filter tokens
- Create LowBox tokens
- Created restricted tokens using Safer API
- Search for opened handles
- Create anonymous token
- Impersonate logon session token via pipes
- Open clipboard token
- Add custom group membership while logging in users (requires Tcb Privilege)
- Create custom token from scratch (requires Create Token Privilege)
- User
- Statistics, source, flags
- Extended flags (TOKEN_*)
- Restricting SIDs
- App container SID and number
- Capabilities
- Claims
- Trust level
- Logon session type (filtered/elevated/default)
- Logon session information
- Verbose terminal session information
- Object and handle information (access, attributes, references)
- Object creator (PID)
- List of processes that have handles to this object
- Creation and last modification times
- Groups (enable/disable)
- Privileges (enable/disable/remove)
- Session
- Integrity level (lower/raise)
- UIAccess, mandatory policy
- Virtualization (enable/disable & allow/disallow)
- Owner and primary group
- Originating logon session
- Default DACL
- Security descriptor
- Audit overrides
- Handle flags (inherit, protect)
- Impersonation
- Safe impersonation
- Direct impersonation
- Send handle to process
- Create process with token
- Share with another instance of TokenUniverse
- Compare tokens
- Linking logon sessions to create UAC-friendly tokens
- Logon session relation map
- Viewing AppContainer information
- Listing AppContainer profiles per user
- Listing child AppContainers
- Creating/deleting AppContainers
- Global audit settings
- Per-user audit settings
- Quotas
- Security
- Enumerate accounts with privilege
- Enumerate accounts with right
- Domain information
- Group information
- Alias information
- User information
- Enumerate domain groups/aliases/users
- Enumerate group members
- Enumerate alias members
- Manage group members
- Manage alias members
- Create groups
- Create aliases
- Create users
- Sam object tree
- Security
- CreateProcessAsUser
- CreateProcessWithToken
- WMI
- RtlCreateUserProcess
- RtlCreateUserProcessEx
- NtCreateUserProcess
- NtCreateProcessEx
- CreateProcessWithLogon (credentials)
- ShellExecuteEx (no token)
- ShellExecute via IShellDispatch2 (no token)
- CreateProcess via code injection (no token)
- WdcRunTaskAsInteractiveUser (no token)
- Current directory
- Desktop
- Window show mode
- Flags (inherit handles, create suspended, breakaway from job, ...)
- Environmental variables
- Parent process override
- Mitigation policies
- Child process policy
- Run as invoker compatibility
- AppContainer SID
- Capabilities
- Immediate crash notification
- Window station and desktop access checks
- Debug messages reports
- Hierarchy
- Icons
- Listing processes from Low integrity & AppContainer
- Basic actions (resume/suspend, ...)
- Customizable columns
- Highlighting
- Security
- Handle table manipulation
- Restart as SYSTEM
- Restart as SYSTEM+ (with Create Token Privilege)
- Customizable columns
- Graphical hash icons
- Auto-detect inherited handles
- Our own security editor with arbitrary SIDs and mandatory label modification
- Customizable list of suggested SIDs
- Detailed error status information
- Detailed suggestions on errors
LINK :
Don't forget to LIKE
