Steal Application Access Token (T1528)

Technique & Subtechniques

  • Steal Application Access Token

Associated Tactics

  • Credential Access

Credential Access (TA0006)

The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.

Procedure Examples

Description Source(s)
Amnesty International. (2019, August 16). Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa. Retrieved October 8, 2019. Amnesty OAuth Phishing Attacks, August 2019
Auth0 Inc. (n.d.). Understanding Refresh Tokens. Retrieved December 16, 2021. Auth0 Understanding Refresh Tokens
Auth0. (n.d.). Why You Should Always Use Access Tokens to Secure APIs. Retrieved September 12, 2019. Auth0 - Why You Should Always Use Access Tokens to Secure APIs Sept 2019
Daniel Krivelevich and Omer Gil. (n.d.). Top 10 CI/CD Security Risks. Retrieved March 24, 2024. Cider Security Top 10 CICD Security Risks
Hacquebord, F. (2017, April 25). Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks. Retrieved October 4, 2019. Trend Micro Pawn Storm OAuth 2017
Kubernetes. (2022, February 26). Configure Service Accounts for Pods. Retrieved April 1, 2022. Kubernetes Service Accounts
Microsoft. (2019, August 29). Microsoft identity platform access tokens. Retrieved September 12, 2019. Microsoft - Azure AD Identity Tokens - Aug 2019
Microsoft. (2019, May 8). Quickstart: Register an application with the Microsoft identity platform. Retrieved September 12, 2019. Microsoft - Azure AD App Registration - May 2019
Microsoft. (n.d.). Microsoft identity platform and OAuth 2.0 authorization code flow. Retrieved September 12, 2019. Microsoft - OAuth Code Authorization flow - June 2019
Microsoft. (n.d.). Retrieved September 12, 2019. Microsoft Identity Platform Protocols May 2019