EXPLORE
← Back to Explore
T1539

Steal Web Session Cookie

An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials. Web applications and services often use session cookies as an authentication token after a user has authenticated to a website. Cookies are often valid for an extended period of time, even if the web application is not actively used. Cookies can be found on disk, in the process memory of the browser, and in n...

LinuxmacOSOffice SuiteSaaSWindows
16
Detections
3
Sources
8
Threat Actors

BY SOURCE

13elastic2sigma1splunk_escu

PROCEDURES (13)

Process Creation Monitoring2 detections

Auto-extracted: 2 detections for process creation monitoring

Office2 detections

Auto-extracted: 2 detections for office

Phish1 detections

Auto-extracted: 1 detections for phish

Aws1 detections

Auto-extracted: 1 detections for aws

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Token1 detections

Auto-extracted: 1 detections for token

Token1 detections

Auto-extracted: 1 detections for token

Service1 detections

Auto-extracted: 1 detections for service

Credential1 detections

Auto-extracted: 1 detections for credential

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Aws1 detections

Auto-extracted: 1 detections for aws

Credential1 detections

Auto-extracted: 1 detections for credential

Credential1 detections

Auto-extracted: 1 detections for credential

DETECTIONS (16)