Hacker Reveals Easiest Way to Hijack Privileged Windows User Session Without Password
The Hacker News | March 20, 2017
You may be aware of the fact that a local Windows user with system rights and permissions can reset the password for other users, but did you know that a local user can also hijack other users' session, including domain admin/system user, without knowing their passwords? Alexander Korznikov, an Israeli security researcher, has recently demonstrated that a local privileged user can even hijack the session of any logged-in Windows user who has higher privileges without knowing that user's password, using built-in command line tools.