A consultant investigating a compromised workstation notices an attacker is using a valid session object from a user’s active login to engage with multiple systems throughout the network. Which approach has the attacker used to maintain this unauthorized access?
Launching a credential hash into a separate login attempt
Abusing a misconfigured Kerberos process for service ticket requests
Invoking an inter-process call to act as the compromised account
Reusing a legitimate session object for user impersonation
This manipulation involves reusing a legitimate session object obtained from a compromised user. It does not need a hash (pass-the-hash) or ticket (pass-the-ticket). Remote procedure call tactics rely on direct service invocation, and misconfigurations with Kerberos typically revolve around service ticket exploitation. By reusing the stolen session data, the attacker bypasses standard credential checks and impersonates the user.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a session object in the context of user authentication?
Open an interactive chat with Bash
How do attackers steal and reuse session objects?
Open an interactive chat with Bash
What are some ways to prevent session object reuse attacks?