Application Access Token (T1527)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Application Access Token

Associated Tactics

  • Defense Evasion
  • Lateral Movement

Defense Evasion (TA0005)

The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

View on ATT&CK

Procedure Examples

Description Source(s)
Auth0. (n.d.). Why You Should Always Use Access Tokens to Secure APIs. Retrieved September 12, 2019. Auth0 - Why You Should Always Use Access Tokens to Secure APIs Sept 2019
Cai, S., Flores, J., de Guzman, C., et. al.. (2019, August 27). Microsoft identity platform access tokens. Retrieved October 4, 2019. Microsoft Identity Platform Access 2019
okta. (n.d.). What Happens If Your JWT Is Stolen?. Retrieved September 12, 2019. okta
Stalmans, E.. (2017, August 2). Phishing with OAuth and o365/Azure. Retrieved October 4, 2019. Staaldraad Phishing with OAuth 2017