← Back to Explore
T1550.004
Web Session Cookie
Adversaries can use stolen session cookies to authenticate to web applications and services. This technique bypasses some multi-factor authentication protocols since the session is already authenticated.(Citation: Pass The Cookie) Authentication cookies are commonly used in web applications, including cloud-based services, after a user has authenticated to the service so credentials are not passed and re-authentication does not need to occur as frequently. Cookies are often valid for an extende...
SaaSIaaSOffice Suite
5
Detections
2
Sources
1
Threat Actors
BY SOURCE
4elastic1splunk_escu
PROCEDURES (5)
Token1 detections
Auto-extracted: 1 detections for token
Token1 detections
Auto-extracted: 1 detections for token
Authentication Monitoring1 detections
Auto-extracted: 1 detections for authentication monitoring
Phish1 detections
Auto-extracted: 1 detections for phish
Bypass1 detections
Auto-extracted: 1 detections for bypass