all InfoSec news
Koh: The Token Stealer
July 7, 2022, 6:09 p.m. | Will Schroeder
Security Boulevard securityboulevard.com
Years ago I was chatting with a few experienced red teamers and one was lamenting token abuse. Specifically, they wanted to be able to automatically “harvest” tokens on a host as people connected, keeping the tokens usable for operators even after the associated account logged off. I knew very little about Windows authentication at the time, so when the other red teamer investigated the idea and told us it wasn’t possible, I left it at that. Before September 2016 they …
More from securityboulevard.com / Security Boulevard
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Cloud Technical Solutions Engineer, Security
@ Google | Mexico City, CDMX, Mexico
Assoc Eng Equipment Engineering
@ GlobalFoundries | SGP - Woodlands
Staff Security Engineer, Cloud Infrastructure
@ Flexport | Bellevue, WA; San Francisco, CA
Software Engineer III, Google Cloud Security and Privacy
@ Google | Sunnyvale, CA, USA
Software Engineering Manager II, Infrastructure, Google Cloud Security and Privacy
@ Google | San Francisco, CA, USA; Sunnyvale, CA, USA