
Cybersecurity Attacks – Red Team Strategies

Cookies are powerful, at times even more powerful than passwords. If an adversary steals the right cookies, they can gain unfettered access to resources. Multi-factor authentication does not protect us in this case, because cookies are issued after the multi-factor step has completed.
Additional challenges for critical operations within the web application or service can help further protect us from adversaries.
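The following sketch illustrates such an additional challenge. It is an added example, not code from the book: a session cookie alone authorizes routine requests, while a critical operation also requires a recently passed, single-use challenge. The function names, the in-memory session store and the 120-second window are assumptions made for the illustration.

```python
STEP_UP_WINDOW = 120  # seconds a passed challenge stays usable (assumed policy)
SESSIONS = {}         # constructed in-memory store: cookie value -> session state


def login(cookie, user):
    """Create the session once password and MFA have succeeded."""
    SESSIONS[cookie] = {"user": user, "challenge_at": None}


def step_up(cookie, challenge_ok, now):
    """Record a fresh challenge (e.g. a re-entered MFA code) on the session."""
    session = SESSIONS.get(cookie)
    if session is None or not challenge_ok:
        return False
    session["challenge_at"] = now
    return True


def authorize(cookie, critical, now):
    """Return 'allow', 'challenge' or 'deny' for a request carrying this cookie."""
    session = SESSIONS.get(cookie)
    if session is None:
        return "deny"
    if not critical:
        return "allow"  # the cookie alone is enough for routine requests
    passed_at = session["challenge_at"]
    if passed_at is None or now - passed_at > STEP_UP_WINDOW:
        return "challenge"  # cookie is not sufficient for this operation
    session["challenge_at"] = None  # single use: one challenge, one critical action
    return "allow"


def demo():
    cookie = "constructed-session-cookie"  # sample value, not a real token
    login(cookie, "alice")
    return [
        authorize(cookie, critical=False, now=1000),    # cookie only: allow
        authorize(cookie, critical=True, now=1000),     # cookie only: challenge
        step_up(cookie, challenge_ok=False, now=1010),  # challenge not passed
        authorize(cookie, critical=True, now=1010),     # still challenge
        step_up(cookie, challenge_ok=True, now=2000),   # legitimate user passes it
        authorize(cookie, critical=True, now=2030),     # allow, consumes the challenge
        authorize(cookie, critical=True, now=2040),     # challenge again
    ]


if __name__ == "__main__":
    print(demo())
```

Because the challenge is consumed by the operation it authorizes, a copied cookie presented afterwards is asked to prove itself again rather than inheriting the earlier approval.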
The Pass the Cookie technique is a powerful session hijacking tactic. The following diagram shows what Pass the Cookie means at a high level:
Figure 8.1: Pass the Cookie explained
The preceding diagram highlights the attack conceptually. The basic steps to perform these session-hijacking techniques are as follows: