You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
token persistence
About this tag
Token persistence is a critical security concept in cloud environments, particularly concerning Microsoft Entra ID (formerly Azure Active Directory) and OAuth authentication. Recent discussions on WindowsForum highlight a new attack technique where threat actors use Cobalt Strike Beacon to steal Microsoft Entra refresh tokens from compromised endpoints. This method can bypass multi-factor authentication (MFA) by leveraging persistent tokens, allowing attackers to maintain access to Microsoft 365, Azure, and other cloud services. The topic underscores the importance of securing token storage, monitoring for unusual token usage, and implementing token revocation policies to defend against advanced persistent threats targeting cloud authentication.
Cisco Talos has identified ARToken, a React-based operator panel tied by infrastructure and API behavior to the EvilTokens phishing-as-a-service ecosystem, exposing more than 80 endpoints for Microsoft 365 device-code phishing, token persistence, mailbox abuse, BEC operations, and SharePoint...
A new development in the realm of cloud security threats has emerged, offering threat actors a novel way to obtain Microsoft Entra (formerly Azure Active Directory) refresh tokens from compromised endpoints, potentially bypassing even robust multi-factor authentication (MFA) mechanisms. This...