Esc
Make and Impersonate Token - T1134.003
(ATT&CK® Technique)
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR; T1134003["Make and Impersonate Token"] --> |copies| AccessToken["Access Token"]; class T1134003 OffensiveTechniqueNode; class AccessToken ArtifactNode; click AccessToken href "/dao/artifact/d3f:AccessToken"; click T1134003 href "/offensive-technique/attack/T1134.003/"; click AccessToken href "/dao/artifact/d3f:AccessToken"; T1134003["Make and Impersonate Token"] --> |creates| LoginSession["Login Session"]; class T1134003 OffensiveTechniqueNode; class LoginSession ArtifactNode; click LoginSession href "/dao/artifact/d3f:LoginSession"; click T1134003 href "/offensive-technique/attack/T1134.003/"; click LoginSession href "/dao/artifact/d3f:LoginSession"; T1134003["Make and Impersonate Token"] --> |may-modify| EventLog["Event Log"]; class T1134003 OffensiveTechniqueNode; class EventLog ArtifactNode; click EventLog href "/dao/artifact/d3f:EventLog"; click T1134003 href "/offensive-technique/attack/T1134.003/"; click EventLog href "/dao/artifact/d3f:EventLog"; ReissueCredential["Reissue Credential"] --> | restores | AccessToken["Access Token"]; ReissueCredential["Reissue Credential"] -.-> | May Restore | T1134003["Make and Impersonate Token"] ; class ReissueCredential DefensiveTechniqueNode; class AccessToken ArtifactNode; click ReissueCredential href "/technique/d3f:ReissueCredential"; DecoySessionToken["Decoy Session Token"] --> | spoofs | AccessToken["Access Token"]; DecoySessionToken["Decoy Session Token"] -.-> | May Deceive | T1134003["Make and Impersonate Token"] ; class DecoySessionToken DefensiveTechniqueNode; class AccessToken ArtifactNode; click DecoySessionToken href "/technique/d3f:DecoySessionToken"; DecoyUserCredential["Decoy User Credential"] --> | spoofs | AccessToken["Access Token"]; DecoyUserCredential["Decoy User Credential"] -.-> | May Deceive | T1134003["Make and Impersonate Token"] ; class DecoyUserCredential DefensiveTechniqueNode; class AccessToken ArtifactNode; click DecoyUserCredential href "/technique/d3f:DecoyUserCredential"; CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] --> | analyzes | AccessToken["Access Token"]; CredentialCompromiseScopeAnalysis["Credential Compromise Scope Analysis"] -.-> | May Detect | T1134003["Make and Impersonate Token"] ; class CredentialCompromiseScopeAnalysis DefensiveTechniqueNode; class AccessToken ArtifactNode; click CredentialCompromiseScopeAnalysis href "/technique/d3f:CredentialCompromiseScopeAnalysis"; CredentialTransmissionScoping["Credential Transmission Scoping"] --> | restricts | AccessToken["Access Token"]; CredentialTransmissionScoping["Credential Transmission Scoping"] -.-> | May Harden | T1134003["Make and Impersonate Token"] ; class CredentialTransmissionScoping DefensiveTechniqueNode; class AccessToken ArtifactNode; click CredentialTransmissionScoping href "/technique/d3f:CredentialTransmissionScoping"; AuthenticationCacheInvalidation["Authentication Cache Invalidation"] --> | deletes | AccessToken["Access Token"]; AuthenticationCacheInvalidation["Authentication Cache Invalidation"] -.-> | May Evict | T1134003["Make and Impersonate Token"] ; class AuthenticationCacheInvalidation DefensiveTechniqueNode; class AccessToken ArtifactNode; click AuthenticationCacheInvalidation href "/technique/d3f:AuthenticationCacheInvalidation"; CredentialRevoking["Credential Revoking"] --> | deletes | AccessToken["Access Token"]; CredentialRevoking["Credential Revoking"] -.-> | May Evict | T1134003["Make and Impersonate Token"] ; class CredentialRevoking DefensiveTechniqueNode; class AccessToken ArtifactNode; click CredentialRevoking href "/technique/d3f:CredentialRevoking"; CredentialRotation["Credential Rotation"] --> | regenerates | AccessToken["Access Token"]; CredentialRotation["Credential Rotation"] -.-> | May Harden | T1134003["Make and Impersonate Token"] ; class CredentialRotation DefensiveTechniqueNode; class AccessToken ArtifactNode; click CredentialRotation href "/technique/d3f:CredentialRotation";