Steal Application Access Token
Adversaries can steal application access tokens as a means of acquiring credentials to access remote systems and resources. Application access tokens are used to make authorized API requests on behalf of a user or service and are commonly used as a way to access resources in cloud and container-based applications and software-as-a-service (SaaS).(Citation: Auth0 - Why You Should Always Use Access Tokens to Secure APIs Sept 2019) Adversaries who steal account API tokens in cloud and containeriz...
BY SOURCE
PROCEDURES (30)
Auto-extracted: 5 detections for general monitoring
Auto-extracted: 4 detections for azure
Auto-extracted: 3 detections for powershell
Auto-extracted: 2 detections for office
Auto-extracted: 2 detections for persist
Auto-extracted: 2 detections for bypass
Auto-extracted: 1 detections for service
Auto-extracted: 1 detections for impersonat
Auto-extracted: 1 detections for exfiltrat
Auto-extracted: 1 detections for kubernetes
Auto-extracted: 1 detections for phish
Auto-extracted: 1 detections for phish
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for file monitoring
Auto-extracted: 1 detections for persist
Auto-extracted: 1 detections for email
Auto-extracted: 1 detections for office
Auto-extracted: 1 detections for impersonat
Auto-extracted: 1 detections for token
Auto-extracted: 1 detections for cloud
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for azure
Auto-extracted: 1 detections for kubernetes
Auto-extracted: 1 detections for phish
Auto-extracted: 1 detections for token
Auto-extracted: 1 detections for token
Auto-extracted: 1 detections for suspicious
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for privilege
Auto-extracted: 1 detections for phish