Steal Application Access Token (T1635)

Technique & Subtechniques

Associated Tactics

  • Credential Access

Credential Access (TA0031)

The adversary is trying to steal account names, passwords, or other secrets that enable access to resources. Credential access represents techniques that can be used by adversaries to obtain access to or control over passwords, tokens, cryptographic keys, or other values that could be used by an adversary to gain unauthorized access to resources. Credential access allows the adversary to assume the identity of an account, with all of that account's permissions on the system and network, and makes it harder for defenders to detect the adversary. With sufficient access within a network, an adversary can create accounts for later use within the environment.

Procedure Examples

Description Source(s)
Android. (n.d.). Handling App Links. Retrieved December 21, 2016. Android-AppLinks
Auth0. (n.d.). Why You Should Always Use Access Tokens to Secure APIs. Retrieved September 12, 2019. Auth0 - Why You Should Always Use Access Tokens to Secure APIs Sept 2019
Microsoft. (n.d.). Microsoft identity platform and OAuth 2.0 authorization code flow. Retrieved September 12, 2019. Microsoft - OAuth Code Authorization flow - June 2019
Microsoft. (n.d.). Retrieved September 12, 2019. Microsoft Identity Platform Protocols May 2019
W. Denniss and J. Bradley. (2017, October). IETF RFC 8252: OAuth 2.0 for Native Apps. Retrieved November 30, 2018. IETF-OAuthNativeApps