EXPLORE

← Back to Explore

T1185

Browser Session Hijacking

Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.(Citation: Wikipedia Man in the Browser) A specific example is when an adversary injects software into a browser that allows them to inherit cookies, HTTP sessions, and SSL client certificates of a user then use the browser as a way to pivot into an authenticated intra...

Windows

13

Detections

3

Sources

1

Threat Actors

BY SOURCE

9splunk_escu2elastic2sigma

PROCEDURES (9)

Cloud2 detections

Auto-extracted: 2 detections for cloud

Remote2 detections

Auto-extracted: 2 detections for remote

Suspicious2 detections

Auto-extracted: 2 detections for suspicious

Registry2 detections

Auto-extracted: 2 detections for registry

Persist1 detections

Auto-extracted: 1 detections for persist

Azure1 detections

Auto-extracted: 1 detections for azure

Azure1 detections

Auto-extracted: 1 detections for azure

Unusual1 detections

Auto-extracted: 1 detections for unusual

Unusual1 detections

Auto-extracted: 1 detections for unusual

THREAT ACTORS (1)

DETECTIONS (13)

ASL AWS Concurrent Sessions From Different Ips

AWS Concurrent Sessions From Different Ips

Azure AD Concurrent Sessions From Different Ips

Browser Process Spawned from an Unusual Parent

Browser Started with Remote Debugging

Manual Loading of a Suspicious Chromium Extension

O365 Concurrent Sessions From Different Ips

Potential Data Stealing Via Chromium Headless Debugging

Windows Browser Process Launched with Unusual Flags

Windows Chrome Auto-Update Disabled via Registry

Windows Chrome Enable Extension Loading via Command-Line

Windows Chrome Extension Allowed Registry Modification

Windows Chromium Process Loaded Extension via Command-Line