Tag: initial access

How abuse and manipulation of access tokens leads to compromise

With the increase in the number of online accounts each individual uses, many online services now provide a “Sign in with…” option for users to use credentials from other identity providers to reduce the number of credentials and simplify the login process. Similarly, corporate environments are increasingly using Single Sign-On (SSO) to limit the amount…

April 2, 2024
Initial Access Brokers and Cyber Threat Intelligence

Every time I see a new cyber incident on the news, or start working on a new incident, the first question that pops up in my mind (much like many other Digital Forensics and Incident Response (DFIR) professionals) is How did they get in?! That innate human characteristic of curiosity (and a bit of nosiness)…

November 28, 2023

How abuse and manipulation of access tokens leads to compromise