Material: Application Access Token


Adversaries may use stolen application access tokens to bypass the typical authentication process and access restricted accounts, information, or services on remote systems. These tokens are typically stolen from users or services and used in lieu of login credentials.

Products, Sensors, and Dependencies

ProductDependenciesData sourceAccess requiredProtocolData CollectedNotes
Tenable Vulnerability ManagementAdvanced Network ScanWindows machinesAuthenticated ScanSMBServicesPlugin ID: 44401


Microsoft Windows SMB Service Config Enumeration

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Lateral Movement, Defense Evasion

Platform: Windows

Tenable Release Date: 2023 Q3