TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Huntress

Datacenter Infrastructure & Identity Attacks

2025-12-02

ATT&CK techniques detected

2 predictions
T1528 · Steal Application Access Token
75%
“and another event occurred from an ip that was not tagged as a datacenter. this hypothesis works wonders for catching token theft from vpns, proxies, and anomalous locations, so i imagined it would be equally as effective. this hypothesis led to building a detector that routinely…”
T1528 · Steal Application Access Token
40%
“, but failing to identify when the ip in question had no additional attribute. so this should be a closed case then, right? all authentications from datacenter ip space are anomalous and can be reported, right? this should be an easy gap to close, right??? right??!! not even clos…”

Summary

Do you know where identity attacks come from? It’s not just location or VPNs, but there’s a "secret third thing" in identity attacks. See how a new AS-based detection system closed this critical visibility gap.