Skip to main content

Summary

Drop or release any impersonated Windows access tokens and revert to the original state
  • Needs Admin: False
  • Version: 1
  • Author: @Ne0nd0g

Arguments

None

Usage

rev2self

MITRE ATT&CK Mapping

None

Detailed Summary

View the Merlin documentation website here for an in-depth explanation. The rev2self command leverages the RevertToSelf Windows API function and releases, or drops, any access token that have been created or stolen.