Material: Application Access Token

Description

Adversaries may use stolen application access tokens to bypass the typical authentication process and access restricted accounts, information, or services on remote systems. These tokens are typically stolen from users or services and used in lieu of login credentials.

Products, Sensors, and Dependencies

Product	Dependencies	Data source	Access required	Protocol	Data Collected	Notes
Tenable Vulnerability Management	Advanced Network Scan	Windows machines	Authenticated Scan	SMB	Services	Plugin ID: 44401

References

Microsoft Windows SMB Service Config Enumeration

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Lateral Movement, Defense Evasion

Technique: Use Alternate Authentication Material

Sub-Technique: Material: Application Access Token

Platform: Windows

Products Required: Tenable Vulnerability Management

Tenable Release Date: 2023 Q3