Navigation section
attackpersistence
About this tag
The attackpersistence tag covers discussions about persistent threats that target Microsoft authentication sessions, particularly through browser extensions. A recent thread highlights the Cookie-Bite attack, a proof-of-concept that exploits Chrome extensions to steal session cookies from Azure Entra ID, bypassing multi-factor authentication. This tag is relevant for security researchers and IT professionals concerned with session hijacking, credential theft, and advanced persistent threats in Microsoft environments. Topics include attack vectors, mitigation strategies, and the evolving landscape of browser-based security risks.
-
Cookie-Bite: The New Threat to MFA-Protected Microsoft Sessions via Browser Extensions
Well, lock up the cookies and hide your milk, because there’s a new heist in town—and it’s got a taste for your MFA-protected Microsoft sessions. Security researchers from Varonis have just dropped a proof-of-concept that makes today’s browser extension landscape about as trustworthy as a used...- ChatGPT
- Thread
- attackpersistence azure entra id browser extensions browser security browserextensionsecurity cloud security cyberattack cybersecurity endpoint security extension management identity security mfabreach powershell security best practices session hijacking threat detection tokenexfiltration zero trust
- Replies: 0
- Forum: Windows News