Threats Tagged 'session token interception'
View all threats tagged with 'session token interception'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'session token interception'
Click on any threat for detailed analysis and mitigation recommendations
Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale 0 Tycoon2FA emerged as a prominent phishing-as-a-service platform in August 2023, enabling large-scale campaigns targeting over 500,000 organizations monthly. Developed by Storm-1747, it provided adversary-in-the-middle capabilities to bypass multifactor authentication. The kit allowed impersonation of trusted brands like Microsoft 365 and Gmail, intercepting session cookies and credentials. It employed sophisticated evasion techniques including anti-bot screening, browser fingerprinting, and custom CAPTCHAs. Tycoon2FA's infrastructure evolved to use diverse, short-lived domains and complex redirect chains. Its success stemmed from closely mimicking legitimate authentication processes while covertly intercepting user credentials and session tokens. MediumMalware Join the discussion United States United Kingdom Germany+10#session token interception#evasion techniques#credential theft | AlienVault OTX General | 03/04/2026, 19:42:43 UTC Added: 03/05/2026, 09:37:49 UTC |
Showing 1 to 1 of 1 result