No More Cookies for You: Attacking and Defending Credentials

The techniques, tactics and procedures (TTP’s) used to bypass security controls continue to evolve at a rapid pace. Web-based applications have become essential to life and work, and our web browsers, which seemingly know everything about us, have become the prime targets for credential stealing attacks. In fact, threat actors and credentials stealing malware commonly target browsers to compromise stored credentials and session cookies, for they hold the secrets. Like updating passwords on a regular basis, clearing web browser cookies is a cyber hygiene practice neglected by most. If hijacked, these cookies will enable attackers to bypass Multi-Factor Authentication (MFA), Single Sign-on (SSO) and gain access to critical business applications. Threat actors can use this technique as a jumping point to deploy malicious code, social engineer, and further carry out their attack. Hear from Shay Nahari, VP of CyberArk Red Team and Andy Thompson, Research Evangelist of CyberArk Labs as they discuss and demonstrate how cookies and session IDs can be stolen with ease and how CyberArk Endpoint Privilege Manager (EPM) credential theft protection can prevent this and many other emerging techniques from being used against your organization.