{"id":229,"date":"2024-02-01T07:54:14","date_gmt":"2024-02-01T06:54:14","guid":{"rendered":"https:\/\/www.ahehehinnou.fr\/M365SecurityCompliance\/?p=229"},"modified":"2024-02-01T07:54:14","modified_gmt":"2024-02-01T06:54:14","slug":"addressing-data-exfiltration-token-theft-talk","status":"publish","type":"post","link":"https:\/\/www.ahehehinnou.fr\/M365SecurityCompliance\/2024\/02\/01\/addressing-data-exfiltration-token-theft-talk\/","title":{"rendered":"Addressing Data Exfiltration: Token Theft Talk"},"content":{"rendered":"<p><a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-entra-blog\/addressing-data-exfiltration-token-theft-talk\/ba-p\/3915337\">Addressing Data Exfiltration: Token Theft Talk &#8211; Microsoft Community Hub<\/a><\/p>\n<p>Stolen authentication artifacts \u2013 tokens and cookies \u2013 can be used to impersonate the victim and gain access to everything the victim had access to. Up until a few years ago, token theft was a rare attack and was most often exercised by corporate Red Teams. Why? Because it\u2019s simpler to steal a password than a cookie. 
However, with multifactor authentication (MFA) becoming more prevalent, we\u2019re seeing real-life attacks involving artifact theft and replay.<\/p>\n<p>Before diving into details, it\u2019s important to note that Microsoft recommends protecting your devices as the first line of defense against token theft, by deploying endpoint protections, device management, phishing-resistant MFA, and antimalware, as described in\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/11\/16\/token-tactics-how-to-prevent-detect-and-respond-to-cloud-token-theft\/\" target=\"_blank\" rel=\"noopener noreferrer\">Token tactics: How to prevent, detect, and respond to cloud token theft | Microsoft Security Blog<\/a>.<\/p>\n<p>Now, let\u2019s discuss the types of authentication artifacts and which techniques are recommended for each type to minimize the impact of theft. All authentication artifacts can be roughly divided into two buckets:<\/p>\n<ul>\n<li>Sign-in session artifacts maintain single sign-on (SSO) and app state between the client and Entra ID.<\/li>\n<li>App session artifacts grant data access to client applications.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Addressing Data Exfiltration: Token Theft Talk &#8211; Microsoft Community Hub Stolen authentication artifacts \u2013 tokens and cookies \u2013 can be used to impersonate the victim and gain access to everything the victim had access to. 
Up until a few years ago, token theft was a rare attack and was most often exercised by corporate Red [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":230,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pagelayer_contact_templates":[],"_pagelayer_content":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-229","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.ahehehinnou.fr\/M365SecurityCompliance\/wp-json\/wp\/v2\/posts\/229","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ahehehinnou.fr\/M365SecurityCompliance\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ahehehinnou.fr\/M365SecurityCompliance\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ahehehinnou.fr\/M365SecurityCompliance\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ahehehinnou.fr\/M365SecurityCompliance\/wp-json\/wp\/v2\/comments?post=229"}],"version-history":[{"count":1,"href":"https:\/\/www.ahehehinnou.fr\/M365SecurityCompliance\/wp-json\/wp\/v2\/posts\/229\/revisions"}],"predecessor-version":[{"id":231,"href":"https:\/\/www.ahehehinnou.fr\/M365SecurityCompliance\/wp-json\/wp\/v2\/posts\/229\/revisions\/231"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ahehehinnou.fr\/M365SecurityCompliance\/wp-json\/wp\/v2\/media\/230"}],"wp:attachment":[{"href":"https:\/\/www.ahehehinnou.fr\/M365SecurityCompliance\/wp-json\/wp\/v2\/media?parent=229"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ahehehinnou.fr\/M365SecurityCompliance\/wp-json\/wp\/v2\/categories?post=229"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ahehehinnou.fr\/M365SecurityCompliance\/wp-json\/wp\/v2\/tags?post=229"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true
}]}}