Cobalt Strike: “Browser Pivoting (Get past two-factor auth)”

This is a very cool post-exploitation technique that can be used to hijack a user's credentials and, with them, their sessions on any website, remotely. Think GMail, Facebook, your company’s internal intranet websites, etc.

This method even bypasses two-factor authentication. The real power of this attack is that while the user is in their session on the website in question (GMail, Yahoo, your internal sites, etc.), the attacker can use that session and browse different areas of those websites without the user knowing and without necessarily affecting the user's session.

http://blog.strategiccyber.com/2013/09/26/browser-pivoting-get-past-two-factor-auth/
