Session

Fantastic tokens in Microsoft Entra ID and how to protect them...

Post-authentication attacks are on the rise and offer attackers the opportunity to satisfy strong security controls (such as MFA or compliant device requirements). Token artifacts play an essential role in verifying the user's identity and obtaining access to resources in Microsoft Entra. Therefore, it's important to consider token theft scenarios in which those artifacts are stolen and used elsewhere.

Monitoring anomaly and threat signals to enforce re-authentication, as well as responding to policy violations in a timely manner, are just a few of the defensive aspects that should apply to your ITDR and Security Operations.

In this session, I will give an overview of the different types of token artifacts and how to protect them from token replay attacks.

- How and when does TPM help us to protect keys?
- Which detection sources and signals are important?
- Which types of tokens are particularly vulnerable?
- Why does Continuous Access Evaluation become an essential part of tackling token abuse?

Thomas Naunheim

Microsoft MVP | Cyber Security Architect @glueckkanja AG

Koblenz, Germany
