»Pivot to the Cloud using Pass the Cookie«
2018-12-29, 13:35–13:40, Borg
This talk will discuss Pass the Cookie which is a post-exploitation technique adversaries and red teams use to pivot from on-premise to cloud asset.
An adversary can pivot from a compromised host to Web Applications and Internet Services by stealing authentication cookies from browsers and related processes. This bypasses most multi-factor authentication protocols. There will be a cheat sheet to help test and better protect your assets. Disclaimer: Always make sure you have proper authorization for pen testing.
So, let's Pass the Cookie and Pivot to the Clouds.