Token Hunt: Uncovering Post-Authentication Attacks in the Microsoft Cloud

With an increasing number of attacks involving token theft and replay, incorporating post-authentication attacks into your Identity Threat Detection and Response (ITDR) strategy is crucial. However, detecting and hunting of those attacks across various data sources and signals can be a significant challenge. Explore how to correlate authentication and activity logs to effectively track the usage of issued tokens. You’ll also learn how to enrich that data to identify unusual or sensitive access and operations. Enhance your hunting skills to track user and workload activities and detect sophisticated token-based threats.