...but it can happen to anyone.
This week, I've been working on buffing up our security at the college - getting users skippy with MFA and Windows Hello. It's been a busy week for me, for sure.
And then one of my techs sends this one to me - hadn't heard of it, but then, that's why CASP+, CySA+, and Security+ bring up topics like CSRF and such - doesn't take much to overcome MFA, even if you know what you're doing.
So, since we're always down for a good conversation (and a deliberate opportunity to poke at @Lee McWhorter to see if he's still watching CIN) - how about we start a conversation about this.
Ever had an issue with a hijacked session token? What did that look like for you?
It wasn't too kind to Linus over at Linus Tech Tips. Poor guy - having to troubleshoot a problem like that...in the buff, even...
/r