Application Access Token
Adversaries may use stolen application access tokens to bypass the typical authentication process and access restricted accounts, information, or services on remote systems. These tokens are typically stolen from users or services and used in lieu of login credentials. Application access tokens are used to make authorized API requests on behalf of a user or service and are commonly used to access resources in cloud, container-based applications, and software-as-a-service (SaaS).(Citation: Auth0...
BY SOURCE
PROCEDURES (22)
Auto-extracted: 4 detections for suspicious
Auto-extracted: 3 detections for powershell
Auto-extracted: 2 detections for aws
Auto-extracted: 2 detections for bypass
Auto-extracted: 2 detections for persist
Auto-extracted: 1 detections for email
Auto-extracted: 1 detections for phish
Auto-extracted: 1 detections for impersonat
Auto-extracted: 1 detections for impersonat
Auto-extracted: 1 detections for azure
Auto-extracted: 1 detections for cloud
Auto-extracted: 1 detections for privilege
Auto-extracted: 1 detections for email
Auto-extracted: 1 detections for azure
Auto-extracted: 1 detections for kubernetes
Auto-extracted: 1 detections for container
Auto-extracted: 1 detections for bypass
Auto-extracted: 1 detections for credential
Auto-extracted: 1 detections for persist
Auto-extracted: 1 detections for cloud
Auto-extracted: 1 detections for container
Auto-extracted: 1 detections for impersonat