          ATT&CK-CN V1.01 Last Update: 2019-11

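          Translators: 林妙倩 (cyberspace security intern, Institute for Network Sciences and Cyberspace, Tsinghua University) and 戴亦侖 (賽寧網安). This is an original translation; obtain the translators' consent before reproducing it.

          Data source: ATT&CK Matrices

          Original: https://attack.mitre.org/techniques/T1539

          Glossary: /attack/glossary

          Steal Web Session Cookie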

          An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials. Web applications and services often use session cookies as an authentication token after a user has authenticated to a website.

          Cookies are often valid for an extended period of time, even if the web application is not actively used. Cookies can be found on disk, in the process memory of the browser, and in network traffic to remote systems. Additionally, other applications on the target's machine might store sensitive authentication cookies in memory (e.g. apps which authenticate to cloud services). Session cookies can be used to bypass some multi-factor authentication protocols.

          There are several examples of malware targeting cookies from web browsers on the local system. There are also open source frameworks such as Evilginx 2 and Muraena that can gather session cookies through a man-in-the-middle proxy that can be set up by an adversary and used in phishing campaigns.

          After an adversary acquires a valid cookie, they can then perform a Web Session Cookie (T1506) technique to log in to the corresponding web application.

          Tags

          ID: T1539

          Tactic: Credential Access

          Platform: Linux, macOS, Windows, Office 365, SaaS

          Permissions Required: user

          Data Sources: File monitoring, API monitoring

          Mitigations

          Mitigation | Description
          Multi-factor Authentication (M1032) | A physical second factor key that uses the target login domain as part of the negotiation protocol will prevent session cookie theft through proxy methods.
          Software Configuration (M1054) | Configure browsers or tasks to regularly delete persistent cookies.
          User Training (M1017) | Train users to identify aspects of phishing attempts where they're asked to enter credentials into a site that has the incorrect domain for the application they are logging into.

          Detection

          Monitor for attempts to access files and repositories on a local system that are used to store browser session cookies. Monitor for attempts by programs to inject into or dump browser process memory.
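
The file-monitoring half of the detection guidance above can be sketched as follows. This is an added example, not part of the ATT&CK page: the JSON event fields (`process_image`, `target_path`), the browser allowlist and the trusted install roots are assumptions, and the sample events are constructed.

```python
import json
import re
from pathlib import PureWindowsPath

# Cookie databases of Chromium-based browsers and Firefox (Windows profile layout).
COOKIE_STORE = re.compile(
    r"\\User Data\\[^\\]+\\(?:Network\\)?Cookies$"
    r"|\\Firefox\\Profiles\\[^\\]+\\cookies\.sqlite$",
    re.IGNORECASE,
)
# Assumptions for this example: browsers run only from these install roots.
BROWSER_NAMES = {"chrome.exe", "msedge.exe", "firefox.exe"}
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")


def is_expected_browser(image):
    """True only for a browser binary under a trusted install root, so a
    binary that merely carries a browser's file name is not trusted."""
    image = image.lower()
    return (PureWindowsPath(image).name in BROWSER_NAMES
            and image.startswith(TRUSTED_ROOTS))


def find_cookie_store_access(lines):
    """Return events where an unexpected process touched a cookie store."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
            image, path = event["process_image"], event["target_path"]
            if COOKIE_STORE.search(path) and not is_expected_browser(image):
                hits.append(event)
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # malformed record: skip it, keep scanning
    return hits


# Constructed sample events (hypothetical field names, not a real log schema).
_CHROME_DB = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"
_FIREFOX_DB = r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd34.default\cookies.sqlite"
SAMPLE_EVENTS = [json.dumps(e) for e in (
    {"process_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "target_path": _CHROME_DB},
    {"process_image": r"C:\Users\alice\Downloads\tool.exe", "target_path": _CHROME_DB},
    {"process_image": r"C:\Users\alice\AppData\Local\Temp\chrome.exe", "target_path": _FIREFOX_DB},
    {"process_image": r"C:\Windows\notepad.exe", "target_path": r"C:\Users\alice\notes.txt"},
)] + ["{truncated"]

if __name__ == "__main__":
    for hit in find_cookie_store_access(SAMPLE_EVENTS):
        print("ALERT", hit["process_image"], "->", hit["target_path"])
```

Per-user browser installs and backup or endpoint-security agents will need their own allowlist entries before this logic is usable on real telemetry.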
