Esc
Token Impersonation/Theft - T1134.001
(ATT&CK® Technique)
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR; T1134001["Token Impersonation/Theft"] --> |copies| AccessToken["Access Token"]; class T1134001 OffensiveTechniqueNode; class AccessToken ArtifactNode; click AccessToken href "/dao/artifact/d3f:AccessToken"; click T1134001 href "/offensive-technique/attack/T1134.001/"; click AccessToken href "/dao/artifact/d3f:AccessToken"; ReissueCredential["Reissue Credential"] --> | restores | AccessToken["Access Token"]; ReissueCredential["Reissue Credential"] -.-> | May Restore | T1134001["Token Impersonation/Theft"] ; class ReissueCredential DefensiveTechniqueNode; class AccessToken ArtifactNode; click ReissueCredential href "/technique/d3f:ReissueCredential"; DecoySessionToken["Decoy Session Token"] --> | spoofs | AccessToken["Access Token"]; DecoySessionToken["Decoy Session Token"] -.-> | May Deceive | T1134001["Token Impersonation/Theft"] ; class DecoySessionToken DefensiveTechniqueNode; class AccessToken ArtifactNode; click DecoySessionToken href "/technique/d3f:DecoySessionToken"; DecoyUserCredential["Decoy User Credential"] --> | spoofs | AccessToken["Access Token"]; DecoyUserCredential["Decoy User Credential"] -.-> | May Deceive | T1134001["Token Impersonation/Theft"] ; class DecoyUserCredential DefensiveTechniqueNode; class AccessToken ArtifactNode; click DecoyUserCredential href "/technique/d3f:DecoyUserCredential"; CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] --> | analyzes | AccessToken["Access Token"]; CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] -.-> | May Detect | T1134001["Token Impersonation/Theft"] ; class CredentialCompromiseScopeAnalysis DefensiveTechniqueNode; class AccessToken ArtifactNode; click CredentialCompromiseScopeAnalysis href "/technique/d3f:CredentialCompromiseScopeAnalysis"; CredentialRevoking["Credential Revoking"] --> | deletes | AccessToken["Access Token"]; CredentialRevoking["Credential Revoking"] -.-> | May Evict | T1134001["Token Impersonation/Theft"] ; class CredentialRevoking DefensiveTechniqueNode; class AccessToken ArtifactNode; click CredentialRevoking href "/technique/d3f:CredentialRevoking"; AuthenticationCacheInvalidation["Authentication Cache Invalidation"] --> | deletes | AccessToken["Access Token"]; AuthenticationCacheInvalidation["Authentication Cache Invalidation"] -.-> | May Evict | T1134001["Token Impersonation/Theft"] ; class AuthenticationCacheInvalidation DefensiveTechniqueNode; class AccessToken ArtifactNode; click AuthenticationCacheInvalidation href "/technique/d3f:AuthenticationCacheInvalidation"; CredentialTransmissionScoping["Credential Transmission Scoping"] --> | restricts | AccessToken["Access Token"]; CredentialTransmissionScoping["Credential Transmission Scoping"] -.-> | May Harden | T1134001["Token Impersonation/Theft"] ; class CredentialTransmissionScoping DefensiveTechniqueNode; class AccessToken ArtifactNode; click CredentialTransmissionScoping href "/technique/d3f:CredentialTransmissionScoping"; CredentialRotation["Credential Rotation"] --> | regenerates | AccessToken["Access Token"]; CredentialRotation["Credential Rotation"] -.-> | May Harden | T1134001["Token Impersonation/Theft"] ; class CredentialRotation DefensiveTechniqueNode; class AccessToken ArtifactNode; click CredentialRotation href "/technique/d3f:CredentialRotation";