| ID | Name |
|---|---|
| ATAGS-T1109.001 | Application Access Token |
| ATAGS-T1109.002 | Pass the Hash |
| ATAGS-T1109.003 | Pass the Ticket |
| ATAGS-T1109.004 | Web Session Cookie |

Threat Actors may use stolen application access tokens to bypass the typical authentication process and access restricted accounts, information, or services on remote systems. These tokens are typically stolen from users or services and used in lieu of login credentials.

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.